Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.Referenceshttp://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdfhttp://osvdb.org/68680
