CVE-2026-24325

Medium CVSS: 4.8

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.This vulnerability has low impact on confidentiality and integrity of the data. There is no impact on the availability of the application.

Vendor

Sap

Product

Businessobjects Enterprise

CWE

CWE-79

Yayın Tarihi

2026-02-10 04:16:04

Güncelleme

2026-02-17 15:14:43

Source Identifier

cna@sap.com

KEV Date Added

Kategoriler

CWE-79 Businessobjects Enterprise MEDIUM Sap 2026

Referanslar

https://me.sap.com/notes/3697256 https://url.sap/sapsecuritypatchday

Benzer Kayıtlar

Medium

CVE-2026-24314

Under certain conditions SAP S/4HANA (Manage Payment Media) allows an authenticated attacker to access information which…

Medium

CVE-2026-24327

Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages),…

Medium

CVE-2026-24328

SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when cli…

Medium

CVE-2026-24326

Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker w…

Medium

CVE-2026-24321

SAP Commerce Cloud exposes multiple API endpoints to unauthenticated users, allowing them to submit requests to these op…

High

CVE-2026-24322

SAP Solution Tools Plug-In (ST-PI) contains a function module that does not perform the necessary authorization checks f…