CVE-2026-44760
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on Business Server Pages)
Due to a Cross-Site Scripting (XSS) vulnerability, applications based on Business Server Pages framework in SAP NetWeaver Application Server ABAP reflects unsanitized input into the HTTP response which allows an attacker to inject and execute arbitrary JavaScript code under certain conditions. Successful exploitation could allow the attacker to steal session information, perform authenticated actions on behalf of the victim user etc. This vulnerability has low impact on confidentiality and integrity of the data and no impact on application 's availability.
| Vendor | sap_se |
| Product | sap netweaver application server abap (applications based on business server pages) |
| Published | Jul 14, 2026 |
| Last Updated | Jul 14, 2026 |
Get instant alerts for sap_se sap netweaver application server abap (applications based on business server pages)
Be the first to know when new medium vulnerabilities affecting sap_se sap netweaver application server abap (applications based on business server pages) are published โ delivered to Slack, Telegram or Discord.
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N