CVE-2026-44759
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP NetWeaver Enterprise Portal | EP-RUNTIME 7.50 | affected |
Weaknesses
- CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.