Stored Cross-Site Scripting in SAP BusinessObjects Enterprise
CVE-2026-24325

4.8MEDIUM

Key Information:

Vendor

SAP
Status
SAP Businessobjects Enterprise (central Management Console)
Vendor
CVE Published:
10 February 2026

What is CVE-2026-24325?

The SAP BusinessObjects Enterprise product exposes a vulnerability related to the inadequate encoding of user-controlled inputs, resulting in a Stored Cross-Site Scripting (XSS) issue. This weakness allows an administrator to inject harmful JavaScript code into web pages. Consequently, whenever a user accesses the affected page, the malicious script executes, compromising their interaction with the site. While this vulnerability does not significantly threaten the confidentiality or integrity of the data, it poses a risk to user trust and site integrity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP BusinessObjects Enterprise (Central Management Console) ENTERPRISE 430

SAP BusinessObjects Enterprise (Central Management Console) 2025

SAP BusinessObjects Enterprise (Central Management Console) 2027

References

https://me.sap.com/notes/3697256
https://url.sap/sapsecuritypatchday

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.