{"vulnerability": "CVE-2023-0018", "sightings": [{"uuid": "41b908fe-b993-4f3b-9b4b-21c7e24dfa22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0018", "type": "seen", "source": "https://t.me/cibsecurity/56207", "content": "\u203c CVE-2023-0018 \u203c\n\nDue to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-10T07:28:04.000000Z"}]}