Primary

Context

SAP Application Server for ABAP Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in SAP Application Server for ABAP. This issue allows authenticated attackers to inject malicious JavaScript payloads that are executed in the context of the victim user's browser when accessing the affected functionality in the BAPI explorer. The vulnerability impacts several different versions and ranges of SAP Application Server for ABAP.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user.

Remediation

Users are advised to consult the SAP Security Notes for guidance on addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.

Added: Oct 14, 2025, 1:25 AM

Updated: Oct 14, 2025, 1:25 AM

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

1.7

exploitability

4.6

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.7

impact

1.7

exploitability

4.6

remediation

0.0

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Application Server for ABAP Stored Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SAP Application Server for ABAP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating