PT-2026-57938 · Sap Se · Sap Netweaver Application Server Java
Published
2026-07-14
·
Updated
2026-07-14
·
CVE-2026-44752
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N |
SAP NetWeaver Application Server Java allows an unauthenticated attacker to inject malicious JavaScript through crafted URLs. When a victim accesses such a URL, the script executes in the user's browser, allowing the attacker to access sensitive session information and modify non-sensitive data displayed in the client�s browser. This results in a high impact on confidentiality, low impact on integrity with no impact on availability of the application.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Netweaver Application Server Java