CVE-2025-26653 in NetWeaver Application Server ABAPinformazioni

Riassunto

di MITRE • 08/04/2025

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page, the injected script gets executed, potentially compromising the confidentiality and integrity within the scope of the victim�s browser. Availability is not impacted.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsabile

Sap

Prenotare

12/02/2025

Divulgazione

08/04/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00209

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!