VDB

CVE-2026-24323

CVE-2026-24323 PUBLISHED CVSS 6.099999904632568 MEDIUM

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

EPSS 0.03% · 8.7th percentile

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.03%
8.7th percentile

Affected Products

VendorProductVersions
sapdocument_management_system604, 605, 606
saperp618
saps4core102, 105, 108
SAP_SESAP Document Management System617, *, SAP_APPL 618

Exploit Intelligence

Timeline

  • Jan 21, 2026 CVE ID Reserved
  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 EPSS Score
  • Feb 10, 2026 CVE Updated
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
  • Feb 26, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›