Skip to main content

Sap Netweaver Enterprise Portal

1 CVEs product

Monthly

CVE-2026-44759 MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated remote attackers to inject arbitrary JavaScript into URL parameters that are echoed back unencoded in server responses. When a victim with an active portal session visits a crafted URL, the injected script executes in their browser under the portal's origin, permitting session token theft, unauthorized manipulation of portal content, or forced redirection to attacker-controlled resources. No public exploit code has been identified at time of analysis and no CISA KEV listing exists, though the unauthenticated network-accessible attack surface and low complexity make phishing-based delivery operationally straightforward.

SAP XSS Sap Netweaver Enterprise Portal
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated remote attackers to inject arbitrary JavaScript into URL parameters that are echoed back unencoded in server responses. When a victim with an active portal session visits a crafted URL, the injected script executes in their browser under the portal's origin, permitting session token theft, unauthorized manipulation of portal content, or forced redirection to attacker-controlled resources. No public exploit code has been identified at time of analysis and no CISA KEV listing exists, though the unauthenticated network-accessible attack surface and low complexity make phishing-based delivery operationally straightforward.

SAP XSS Sap Netweaver Enterprise Portal
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy