Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Engineering SpagoBI ‘Description’字段跨站脚本漏洞
Vulnerability Description
Engineering SpagoBI是意大利Engineering集团公司的一款开源的基于J2EE框架的商业智能套件。该套件主要用于管理BI对象,如报表、记分卡以及数据挖掘模型等,并可通过BI管理器控制、校验、验证与分发这些BI对象。 SpagoBI 4.1之前的版本中存在跨站脚本漏洞。远程攻击者可借助Short文档元数据中的‘Description’字段利用该漏洞注入任意Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A