CVE-2026-24325

Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)

CVSS 4.8 MEDIUMEPSS 0.2%CWE-79

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 feb 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.This vulnerability has low impact on confidentiality and integrity of the data. There is no impact on the availability of the application.

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Productos afectados

SAP_SE · SAP BusinessObjects Enterprise (Central Management Console)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3697256 https://url.sap/sapsecuritypatchday