PT-2025-10673 · SAP · SAP NetWeaver Application Server ABAP

Published: 2025-03-11 · Updated: 2025-03-11 · CVE-2025-26659

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Application Server ABAP (affected versions not specified)

Description

The issue is related to a DOM-based Cross-Site Scripting (XSS) vulnerability. It occurs because the software does not sufficiently encode user-controlled inputs. This allows an attacker to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, a malicious JavaScript payload executes in the scope of the victim's browser, potentially compromising their data and/or manipulating browser content. The impact is limited to confidentiality and integrity, with no effect on availability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-03621
CVE-2025-26659

Affected Products

SAP NetWeaver Application Server ABAP