๐Ÿ” CVE Alert

CVE-2026-44760

MEDIUM 4.7

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)

CVSS Score
4.7
EPSS Score
0.0%
EPSS Percentile
0th

Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application 's availability.

Vendor sap_se
Product sap netweaver application server abap (applications based on business server pages)
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for sap_se sap netweaver application server abap (applications based on business server pages)

Be the first to know when new medium vulnerabilities affecting sap_se sap netweaver application server abap (applications based on business server pages) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Affected Versions

SAP_SE / SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)
SAP_BASIS 700 SAP_BASIS 701 SAP_BASIS 702 SAP_BASIS 731 SAP_BASIS 740 SAP_BASIS 750 SAP_BASIS 751 SAP_BASIS 752 SAP_BASIS 753 SAP_BASIS 754 SAP_BASIS 755 SAP_BASIS 756 SAP_BASIS 757 SAP_BASIS 758 SAP_BASIS 816 SAP_BASIS 918 SAP_BASIS 919 SAP_BASIS 920

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
me.sap.com: https://me.sap.com/notes/3754659 url.sap: https://url.sap/sapsecuritypatchday