VDB
GCVE-VVD-NCSC-2026-113
GCVE-VVD-NCSC-2026-113
Advisory PublishedCVSS 6.1/10
An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the SAP Supplier Relationship Management SICF Handler, allowing execution of malicious scripts in users' browsers and compromising confidentiality and integrity.
Weaknesses (CWE)
CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')CWE-539Use of Persistent Cookies Containing Sensitive InformationCWE-862Missing AuthorizationCWE-94Improper Control of Generation of Code ('Code Injection')CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')CWE-601URL Redirection to Untrusted Site ('Open Redirect')CWE-522Insufficiently Protected CredentialsCWE-204Observable Response Discrepancy
Risk Scores
CVSS 3.1
6.1/10
Medium · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| SAP_SE | vers:unknown/* | — | — |
| SAP | vers:unknown/* | — | — |
Aliases
CVE-2026-24318CVE-2026-27672CVE-2026-27677CVE-2026-34264CVE-2026-34262CVE-2026-27673CVE-2026-27674CVE-2026-27681CVE-2026-27683CVE-2026-34256CVE-2026-27679CVE-2026-27678CVE-2026-27675CVE-2026-27676CVE-2026-0512CVE-2026-34261CVE-2026-34257
Transitive aliases
EUVD-2026-22140GHSA-rvmc-gf2q-j9mwGHSA-rqv3-6h29-j2m3EUVD-2026-22156TNCVE-2026-34264GHSA-2c34-jhww-wwcmTNCVE-2026-27676EUVD-2026-22154EUVD-2026-22149GHSA-wm9q-282x-pcmxTNCVE-2026-34256TNCVE-2026-27673TNCVE-2026-34261EUVD-2026-22144GHSA-fcjm-cm6x-4v66EUVD-2026-22174GHSA-qv8q-6q9m-8ch9EUVD-2026-22170TNCVE-2026-24318EUVD-2026-22147EUVD-2026-22150EUVD-2026-22168TNCVE-2026-27675TNCVE-2026-27678TNCVE-2026-27683TNCVE-2026-27674EUVD-2026-22173EUVD-2026-22138GHSA-58xj-93qq-mmvgEUVD-2026-22166GHSA-fwjv-3fw4-7x83TNCVE-2026-34257TNCVE-2026-27672GHSA-p322-q4fj-r244TNCVE-2026-0512EUVD-2026-22146GHSA-ghjj-x456-6m6fTNCVE-2026-27677GHSA-4587-27hr-9q42GHSA-8pxq-pw5m-8q7xTNCVE-2026-27679TNCVE-2026-27681GHSA-9jcw-cw9q-r69rGHSA-fg5q-rjfh-rr88TNCVE-2026-34262GHSA-pqj4-h6r8-qxjhEUVD-2026-22142EUVD-2026-22148EUVD-2026-22152GHSA-4c58-m4cg-6h2fGHSA-hvjp-3x5g-4g4f
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.