| CVE编号 | CVE-2025-26659 |
|---|---|
| 发布日期 | 2025-03-11T00:36:40.932Z |
| 更新日期 | 2025-03-11T14:14:36.613Z |
| 状态 | PUBLISHED |
| 受影响的供应商 | SAP_SE |
| 受影响的产品 | SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) |
| 描述 | SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the malicious JavaScript payload executes in the scope of victim�s browser potentially compromising their data and/or manipulating browser content. This leads to a limited impact on confidentiality and integrity. There is no impact on availability |
参考链接:
