Severity by source
AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Network-accessible reflected XSS; AC:H for specific BSP parameter condition; UI:R for mandatory victim interaction; S:C for browser context pivot; no server availability impact.
Primary rating from Vendor (sap).
CVSS VectorVendor: sap
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application 's availability.
AnalysisAI
Reflected XSS in SAP NetWeaver Application Server ABAP's Business Server Pages (BSP) framework allows remote unauthenticated attackers to inject arbitrary JavaScript into HTTP responses when a victim user interacts with a crafted URL. Successful exploitation enables session token theft and execution of authenticated actions on behalf of the victim within the SAP web context. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target SAP system exposes one or more BSP framework application endpoints over a network-reachable interface (consistent with AV:N), and that the specific BSP page and parameter being requested reflects user input unsanitized into the response - not all BSP pages or parameters are necessarily vulnerable, which aligns with the AC:H rating. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.7 Medium score with vector AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N presents a nuanced risk picture. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a BSP application endpoint on an internet-facing SAP NetWeaver system where a URL query parameter is reflected unsanitized into the response HTML. The attacker crafts a URL embedding a JavaScript payload (e.g., a cookie-stealing script) and delivers it to a logged-in SAP business user via a phishing email or poisoned internal hyperlink. … |
| Remediation | Apply the fix documented in SAP Security Note 3754659 (https://me.sap.com/notes/3754659) as the primary remediation; the exact patched version must be confirmed directly from the note, as no specific release version is extractable from the available intelligence data (patch available per vendor advisory). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43590
GHSA-xvvp-5jh4-5684