GHSA-x3mg-9rgw-9jmg

GHSA-x3mg-9rgw-9jmg PUBLISHED CVSS 6.099999904632568 MEDIUM

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue had a low impact on the confidentiality and integrity of the application with no impact on availability.

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Timeline

Mar 10, 2026 CVE Published
Apr 10, 2026 Security Advisory

References

https://nvd.nist.gov/vuln/detail/CVE-2026-0489 advisory
https://me.sap.com/notes/3693543 url
https://url.sap/sapsecuritypatchday url

Open in Interactive Console →