Home

Description

SAP NetWeaver Application Server for ABAP has cross-site scripting vulnerability. Due to this, an unauthenticated attacker could craft a URL embedded with malicious script and trick an unauthenticated victim to click on it to execute the script. Upon successful exploitation, the attacker could access and modify limited information within the scope of victim's browser. This vulnerability has no impact on availability of the application.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-12 | Updated 2025-08-12 | Assigner sap




MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation

Product status

Default status
unaffected

SAP_BASIS 700
affected

SAP_BASIS 701
affected

SAP_BASIS 702
affected

SAP_BASIS 731
affected

SAP_BASIS 740
affected

SAP_BASIS 750
affected

SAP_BASIS 751
affected

SAP_BASIS 752
affected

SAP_BASIS 753
affected

SAP_BASIS 754
affected

SAP_BASIS 755
affected

SAP_BASIS 756
affected

SAP_BASIS 757
affected

SAP_BASIS 758
affected

SAP_BASIS 816
affected

SAP_BASIS 914
affected

SAP_BASIS 916
affected

References

me.sap.com/notes/3597355

url.sap/sapsecuritypatchday

cve.org (CVE-2025-42942)

nvd.nist.gov (CVE-2025-42942)

Download JSON