VDB
CISA-2026-0489
CISA-2026-0489
PUBLISHED
CVSS 6.1 MEDIUM
Reported by sap · Published March 10, 2026
Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue had a low impact on the confidentiality and integrity of the application with no impact on availability.
Risk Scores
CVSS 3.1
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP_SE | SAP Business One (Job Service) | B1_ON_HANA 10.0, SAP-M-BO 10.0 |
| SAP_SE | SAP Business One (Job Service) | SAP-M-BO 10.0, *, B1_ON_HANA 10.0 |
Timeline
- Mar 10, 2026 CVE Published
- Mar 10, 2026 CVE Updated