CVE-2026-24323 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-24323 PUBLISHED CVSS 6.099999904632568 MEDIUM

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

EPSS 0.03% · 6.7th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.03%

6.7th percentile

Affected Products

Vendor	Product	Versions
sap	document_management_system	600, 602, 603
sap	erp	618
sap	s4core	102, 103, 104
SAP_SE	SAP Document Management System	SAP_APPL 618, 617, S4CORE 102

Timeline

Jan 21, 2026 CVE ID Reserved
Feb 10, 2026 CVE Published
Feb 10, 2026 EPSS Score
Feb 10, 2026 CVE Updated
Feb 11, 2026 EPSS Score
Feb 13, 2026 EPSS Score
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 17, 2026 EPSS Score
Feb 19, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score

References

Open in Interactive Console →