Cross-Site Scripting Vulnerability in SAP Data Services Management Console
CVE-2025-26662

4.4MEDIUM

Key Information:

Vendor

SAP
Status
Data Services Management Console
Vendor
CVE Published:
13 May 2025

What is CVE-2025-26662?

The Data Services Management Console is vulnerable to Cross-Site Scripting (XSS) due to improper encoding of user-controlled inputs. This vulnerability allows an attacker to inject malicious scripts into the console, which are executed in the browser context of a user who clicks on a compromised link. While availability remains unaffected, this exploitation can severely impact the confidentiality and integrity of user data.

References

https://me.sap.com/notes/3558755
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.
CVE-2025-26662 : Cross-Site Scripting Vulnerability in SAP Data Services Management Console