Skip to main content

Sap Netweaver Application Server Abap Applications Based On Business Server Pages

1 CVEs product

Monthly

CVE-2026-44760 MEDIUM This Month

Reflected XSS in SAP NetWeaver Application Server ABAP's Business Server Pages (BSP) framework allows remote unauthenticated attackers to inject arbitrary JavaScript into HTTP responses when a victim user interacts with a crafted URL. Successful exploitation enables session token theft and execution of authenticated actions on behalf of the victim within the SAP web context. No public exploit code or CISA KEV listing is identified at time of analysis; CVSS AC:H indicates non-trivial conditions must align for successful delivery, moderating real-world risk despite the enterprise sensitivity of SAP environments.

SAP XSS Sap Netweaver Application Server Abap Applications Based On Business Server Pages
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
EPSS 0% CVSS 4.7
MEDIUM This Month

Reflected XSS in SAP NetWeaver Application Server ABAP's Business Server Pages (BSP) framework allows remote unauthenticated attackers to inject arbitrary JavaScript into HTTP responses when a victim user interacts with a crafted URL. Successful exploitation enables session token theft and execution of authenticated actions on behalf of the victim within the SAP web context. No public exploit code or CISA KEV listing is identified at time of analysis; CVSS AC:H indicates non-trivial conditions must align for successful delivery, moderating real-world risk despite the enterprise sensitivity of SAP environments.

SAP XSS Sap Netweaver Application Server Abap Applications Based On Business Server Pages
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy