Cross-Site Scripting Vulnerability in SAP NetWeaver Application Server ABAP
CVE-2026-44760

4.7MEDIUM

What is CVE-2026-44760?

This vulnerability allows attackers to exploit the SAP NetWeaver Application Server ABAP by injecting unsanitized input into the HTTP responses. As a result, arbitrary JavaScript code can be executed, leading to potential session hijacking and unauthorized actions on behalf of users. It is important for organizations using this framework to implement security measures to sanitize user inputs and regularly update their systems to mitigate risks.

Affected Version(s)

SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) SAP_BASIS 700

SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) SAP_BASIS 701

SAP NetWeaver Application Server ABAP (applications based on Business Server Pages) SAP_BASIS 702

References

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.