CVE-2026-27682
Reflected Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages)
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim�s browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability.
| Vendor | sap_se |
| Product | sap netweaver application server abap (applications based on business server pages) |
| Published | May 12, 2026 |
| Last Updated | May 12, 2026 |
Get instant alerts for sap_se sap netweaver application server abap (applications based on business server pages)
Be the first to know when new medium vulnerabilities affecting sap_se sap netweaver application server abap (applications based on business server pages) are published — delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N