VDB

CVE-2026-24325

CVE-2026-24325 PUBLISHED CVSS 4.800000190734863 MEDIUM

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.This vulnerability has low impact on confidentiality and integrity of the data. There is no impact on the availability of the application.

EPSS 0.01% · 1.9th percentile

Risk Scores

CVSS v3.1
4.800000190734863
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.01%
1.9th percentile

Affected Products

VendorProductVersions
SAP_SESAP BusinessObjects Enterprise (Central Management Console)ENTERPRISE 430, 2027, 2025
sapbusinessobjects_enterprise430, 2027, 2025

Timeline

  • Jan 21, 2026 CVE ID Reserved
  • Feb 10, 2026 CVE Published
  • Feb 10, 2026 EPSS Score
  • Feb 10, 2026 CVE Updated
  • Feb 12, 2026 EPSS Score
  • Feb 14, 2026 EPSS Score
  • Feb 16, 2026 EPSS Score
  • Feb 18, 2026 EPSS Score
  • Feb 20, 2026 EPSS Score
  • Feb 22, 2026 EPSS Score
  • Feb 24, 2026 EPSS Score
  • Feb 26, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›