Primary

Context

Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting Vulnerability in Analyzer Plugin

Vulnerability

Patched

A cross-site scripting vulnerability has been identified in Hitachi Vantara Pentaho Business Analytics Server versions prior to 10.2.0.2, including 9.3.x and 8.3.x. The issue arises because the software fails to properly neutralize user-controllable input before it is output as a web page for other users. This flaw allows malicious URLs to inject content into the Analyzer plugin interface.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where injected scripts can be executed in the context of the user's browser. This could lead to the theft of cookies containing session information or the execution of malicious requests on behalf of the victim, potentially causing harm to websites if the victim has administrative privileges.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

4.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.1

impact

1.7

exploitability

4.5

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Hitachi Vantara Pentaho Business Analytics Server Cross-Site Scripting Vulnerability in Analyzer Plugin

Vulnerability

Impact

Affected Products

Hitachi Vantara Pentaho Business Analytics Server

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating