PT-2026-39918 · Sap · Sap Netweaver Application Server Abap

Published

2026-05-12

·

Updated

2026-06-03

·

CVE-2026-27682

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP (affected versions not specified)
Description A reflected cross-site scripting (XSS) issue exists in SAP NetWeaver Application Server ABAP within applications based on Business Server Pages. An unauthenticated attacker can craft a URL containing a malicious script in an unprotected URL parameter. When a victim clicks the link, the script is executed in the victim's browser context during web page generation. This allows the attacker to access or modify information, affecting the confidentiality and integrity of the application.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-27682

Affected Products

Sap Netweaver Application Server Abap