CVE-2025-23192
Stored Cross-Site Scripting in the BI Workspace module
8.2 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L
SAP BusinessObjects Business Intelligence Platform
ENTERPRISE 430, 2025, 2027
Artur Grochal
SAP BusinessObjects Business Intelligence Platform (BI Workspace) allows an attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will execute in their browser enabling the attacker to potentially access sensitive session information, modify or make browser information unavailable.
PoC: TBA
- 17-12-2024 - Vulnerability reported to vendor
- 10-06-2025 - Security advisory is published by the vendor