exploitDog

CVE-2025-26653

Опубликовано: 08 апр. 2025

Источник: nvd

CVSS3: 4.7

EPSS Низкий

Описание

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page, the injected script gets executed, potentially compromising the confidentiality and integrity within the scope of the victim�s browser. Availability is not impacted.

Ссылки

EPSS

Процентиль: 38%

0.00167

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-wh7c-4922-674m

CVSS3: 4.7

github

10 месяцев назад

SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page, the injected script gets executed, potentially compromising the confidentiality and integrity within the scope of the victim�s browser. Availability is not impacted.

BDU:2025-04847

CVSS3: 4.7

fstec

10 месяцев назад

Уязвимость программной интеграционной платформы SAP NetWeaver Application Server ABAP, связанная с отсутствием мер по очистке входных данных, позволяющая нарушителю осуществлять межсайтовые сценарные атаки (XSS)

EPSS

Процентиль: 38%

0.00167

Низкий

4.7 Medium

CVSS3

Дефекты

CWE-79