Description

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to a Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website, and the injected script is executed when the user visits the compromised page. This vulnerability has a low impact on the confidentiality and integrity of the data. There is no impact on the availability of the application.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-10 | Updated 2026-02-10 | Assigner sap




MEDIUM: 4.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Problem types

CWE-79: Improper Neutralization of Input During Web Page Generation

Product status

Default status: unaffected

ENTERPRISE 430: affected

2025: affected

2027: affected

References

me.sap.com/notes/3697256

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24325)

nvd.nist.gov (CVE-2026-24325)
