CVE-2025-42872

Medium CVSS: 6.1

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability.

Vendor

Product

CWE

CWE-489

Yayın Tarihi

2025-12-09 16:17:51

Güncelleme

2025-12-09 18:36:53

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-489 MEDIUM 2025

Referanslar

https://me.sap.com/notes/3662622 https://url.sap/sapsecuritypatchday