CVE-2025-0054
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server Java
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.4EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
11 feb 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
SAP NetWeaver Application Server Java does not sufficiently handle user input, resulting in a stored cross-site scripting vulnerability. The application allows attackers with basic user privileges to store a Javascript payload on the server, which could be later executed in the victim's web browser. With this the attacker might be able to read or modify information associated with the vulnerable web page.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Productos afectados
SAP_SE · SAP NetWeaver Application Server Java¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →