Primary

Context

Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting Vulnerability in Analyzer Plugin

Vulnerability

Patched

A cross-site scripting vulnerability has been identified in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, including 9.3.x and 8.3.x. The issue arises because the software fails to properly neutralize user-controllable input before it is outputted as a web page for other users. This flaw allows a malicious URL to inject content into the Analyzer plugin interface.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts can be executed in the context of the user's browser. This could enable an attacker to steal cookies containing session information or to perform actions on behalf of the victim, particularly if the victim has administrative rights on the targeted website.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

4.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

4.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting Vulnerability in Analyzer Plugin

Vulnerability

Impact

Affected Products

Hitachi Vantara Pentaho Business Analytics Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating