Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Network-reachable unauthenticated endpoint (AV:N/PR:N); scope change to browser context (S:C); low C/I reflect session theft and content manipulation; UI:R required for reflected delivery.
Primary rating from Vendor (sap).
CVSS VectorVendor: sap
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
AnalysisAI
Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated remote attackers to inject arbitrary JavaScript into URL parameters that are echoed back unencoded in server responses. When a victim with an active portal session visits a crafted URL, the injected script executes in their browser under the portal's origin, permitting session token theft, unauthorized manipulation of portal content, or forced redirection to attacker-controlled resources. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The CVSS vector PR:N/AC:L confirms the vulnerable URL parameter is accessible without authentication and requires no special portal configuration or feature enablement - any default deployment of SAP NetWeaver Enterprise Portal exposing the portal to network-reachable clients is affected. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 6.1 Medium score (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reflects a meaningful but bounded risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies an organization's Internet-facing SAP NetWeaver Enterprise Portal and crafts a URL embedding a JavaScript payload in the vulnerable parameter - for example, a script to exfiltrate document.cookie to an attacker-controlled host. The attacker sends this link via phishing email to a portal administrator or finance user with elevated SAP roles, spoofing a legitimate SAP notification. … |
| Remediation | The primary remediation is to apply SAP's patch as documented in SAP Note 3746678 (https://me.sap.com/notes/3746678); the exact patched version or support package stack level must be confirmed via that note, as specific version details are not independently available from the current data set - consult the SAP Security Patch Day page (https://url.sap/sapsecuritypatchday) for release-specific guidance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43589
GHSA-fhgw-7ffq-9wp7