CVE-2026-0512

EUVD-2026-22138 | MEDIUM | CVSS 3.1: 6.1
2026-04-14 [email protected]

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 14, 2026 - 00:24 (vuln.today)

Description (NVD)

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.

Analysis (AI)

Reflected Cross-Site Scripting (XSS) in SAP Supplier Relationship Management (SRM) SICF Handler allows unauthenticated remote attackers to craft malicious URLs that, when accessed by victims, execute arbitrary JavaScript within their browsers. Successful exploitation enables attackers to steal session credentials, modify procurement data, or perform actions on behalf of authenticated users, affecting confidentiality and integrity of SRM operations. …
