Due to a Cross-Site Scripting (XSS) vulnerability in SAP...
Moderate severity
Unreviewed
Published
Dec 9, 2025
to the GitHub Advisory Database
•
Updated Dec 9, 2025
Description
Published by the National Vulnerability Database
Dec 9, 2025
Published to the GitHub Advisory Database
Dec 9, 2025
Last updated
Dec 9, 2025
Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability.
References