CVE-2025-42920

Name of the Vulnerable Software and Affected Versions: SAP Supplier Relationship Management (affected versions not specified)

Description: A Cross-Site Scripting (XSS) vulnerability exists in SAP Supplier Relationship Management. An unauthenticated attacker can create a malicious link and, if clicked by an authenticated victim, execute malicious content within the victim’s browser. This allows the attacker to access and modify information within the victim's browser scope, impacting confidentiality and integrity.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.