Detections
Analytics

CVE-2026-27682

medium

Description

Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Server Pages), an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim�s browser context. This could allow the attacker to access and/or modify information, impacting the confidentiality and integrity of the application, with no impact to availability.

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3728690

Details

Source: Mitre, NVD

Published: 2026-05-12

Updated: 2026-05-12

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0002