{"vulnerability": "CVE-2025-2665", "sightings": [{"uuid": "d89cbc0f-f52f-4ec9-aa6b-c7ebe8bd956a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26656", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lk3625yi5z2h", "content": "", "creation_timestamp": "2025-03-11T03:51:19.547078Z"}, {"uuid": "878a4448-f2e1-475a-866f-f5ab3c537ee8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26657", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10870", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26657\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability.\n\ud83d\udccf Published: 2025-04-08T07:13:16.882Z\n\ud83d\udccf Modified: 2025-04-08T07:13:16.882Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3568307\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:36.000000Z"}, {"uuid": "b07e3fef-0121-485f-9538-2fa6d6302013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26653", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10872", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26653\n\ud83d\udd25 CVSS Score: 4.7 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page, the injected script gets executed, potentially compromising the confidentiality and integrity within the scope of the victim\ufffds browser. Availability is not impacted.\n\ud83d\udccf Published: 2025-04-08T07:10:34.185Z\n\ud83d\udccf Modified: 2025-04-08T07:10:34.185Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3559307\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:38.000000Z"}, {"uuid": "51dd26d1-d673-49d2-b231-12682eada9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2665", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ll3owtuqp726", "content": "", "creation_timestamp": "2025-03-24T02:18:52.079551Z"}, {"uuid": "dd7bd514-ae49-458d-9992-f91de550305a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26651", "type": "seen", "source": "https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review", "content": "", "creation_timestamp": "2025-04-08T16:14:25.000000Z"}, {"uuid": "895d97a2-ffb1-4531-8dae-4ce9b8459e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26659", "type": "seen", "source": "https://t.me/cvedetector/20016", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26659 - SAP NetWeaver Application Server ABAP DOM-Based Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-26659 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the malicious JavaScript payload executes in the scope of victim\ufffds browser potentially compromising their data and/or manipulating browser content. This leads to a limited impact on confidentiality and integrity. There is no impact on availability \nSeverity: 6.1 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:36.000000Z"}, {"uuid": "9dfcd285-d9d2-41b9-8d3e-2debea448fd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26658", "type": "seen", "source": "https://t.me/cvedetector/20015", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26658 - SAP Business One Session Hijacking Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26658 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to higher privilege and can read, modify and/or write new data. To gain authenticated sessions of other users, the attacker must invest considerable time and effort. This vulnerability has a high impact on the confidentiality and integrity of the application with no effect on the availability of the application. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:35.000000Z"}, {"uuid": "13d753e0-f712-41db-afba-5be247dae99a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26656", "type": "seen", "source": "https://t.me/cvedetector/20014", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26656 - SAP Manage Purchasing Info Records Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2025-26656 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:35.000000Z"}, {"uuid": "59e2b9e0-5b30-4658-a421-0d4e4c77e912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26655", "type": "seen", "source": "https://t.me/cvedetector/20013", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26655 - SAP JIT Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-26655 \nPublished : March 11, 2025, 1:15 a.m. | 24\u00a0minutes ago \nDescription : SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. \nSeverity: 3.1 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-11T03:24:34.000000Z"}, {"uuid": "ebff79e9-fc6e-4a06-9075-74c1964eb054", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26655", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7091", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26655\n\ud83d\udd25 CVSS Score: 3.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted.\n\ud83d\udccf Published: 2025-03-11T00:35:06.396Z\n\ud83d\udccf Modified: 2025-03-11T00:35:06.396Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3347991\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:34.000000Z"}, {"uuid": "a6aa6eeb-3bcb-46ac-b617-fdea205ce846", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26656", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7090", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26656\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application.\n\ud83d\udccf Published: 2025-03-11T00:35:18.381Z\n\ud83d\udccf Modified: 2025-03-11T00:35:18.381Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3474392\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:33.000000Z"}, {"uuid": "e7d94c61-acd1-482c-be27-24774535c7d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26654", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10871", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26654\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect.\n\ud83d\udccf Published: 2025-04-08T07:13:04.452Z\n\ud83d\udccf Modified: 2025-04-08T07:13:04.452Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3543274\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-04-08T07:46:37.000000Z"}, {"uuid": "f6c709bc-7ebc-4ba2-828b-a6018c51dbc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26654", "type": "seen", "source": "https://t.me/cvedetector/22432", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26654 - SAP Commerce Cloud HTTP to HTTPS Redirect Insecure Data Exposure\", \n  \"Content\": \"CVE ID : CVE-2025-26654 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : SAP Commerce Cloud (Public Cloud) does not allow to disable unencrypted HTTP (port 80) entirely, but instead allows a redirect from port 80 to 443 (HTTPS). As a result, Commerce normally communicates securely over HTTPS. However, the confidentiality and integrity of data sent on the first request before the redirect may be impacted if the client is configured to use HTTP and sends confidential data on the first request before the redirect. \nSeverity: 6.8 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:21.000000Z"}, {"uuid": "bed29178-6aa3-416a-8ea8-b5e1cd0f00e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26653", "type": "seen", "source": "https://t.me/cvedetector/22431", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26653 - SAP NetWeaver Application Server ABAP Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2025-26653 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an attacker, without requiring any privileges, to inject malicious JavaScript into a website. When a user visits the compromised page, the injected script gets executed, potentially compromising the confidentiality and integrity within the scope of the victim\ufffds browser. Availability is not impacted. \nSeverity: 4.7 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:20.000000Z"}, {"uuid": "31aeb6ff-297c-4280-ac38-5c389d30eb07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26657", "type": "seen", "source": "https://t.me/cvedetector/22428", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-26657 - SAP KMC WPC Information Disclosure\", \n  \"Content\": \"CVE ID : CVE-2025-26657 \nPublished : April 8, 2025, 8:15 a.m. | 1\u00a0hour, 7\u00a0minutes ago \nDescription : SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T11:29:15.000000Z"}, {"uuid": "334267ee-6fbb-4bd7-a66f-b71292e5382e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2665", "type": "seen", "source": "https://t.me/cvedetector/20920", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2665 - PHPGurukul Online Security Guards Hiring System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-2665 \nPublished : March 23, 2025, 10:15 p.m. | 20\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"23 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-24T00:00:32.000000Z"}, {"uuid": "b59c8f5d-5c55-47bb-9554-082f54dfdbd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26657", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5ciekjs2f", "content": "", "creation_timestamp": "2025-04-08T09:17:06.359580Z"}, {"uuid": "17daeceb-5a85-47fd-8fdc-ed93c877a236", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26654", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5cjxzha2g", "content": "", "creation_timestamp": "2025-04-08T09:17:07.154234Z"}, {"uuid": "a70a18b3-d08c-4d24-b3f3-5443021f008c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26653", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5ecmaco2c", "content": "", "creation_timestamp": "2025-04-08T09:18:07.751585Z"}, {"uuid": "a74b96b1-4436-4651-a54e-55491660622f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26652", "type": "seen", "source": "https://www.thezdi.com/blog/2025/4/8/the-april-2025-security-update-review", "content": "", "creation_timestamp": "2025-04-08T16:14:25.000000Z"}, {"uuid": "5ad91bea-54ed-4f60-ba79-0042f968ef40", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26651", "type": "seen", "source": "https://infosec.exchange/users/0patch/statuses/114829756983710868", "content": "", "creation_timestamp": "2025-07-10T15:57:22.155871Z"}, {"uuid": "8e8a758f-376c-46be-8fb4-ea2710604804", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "cve-2025-26651", "type": "seen", "source": "https://infosec.exchange/users/0patch/statuses/114829758492580951", "content": "", "creation_timestamp": "2025-07-10T15:57:43.338087Z"}, {"uuid": "cf02b7a7-b9a7-4a3e-af07-83d71836a36a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26658", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7089", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26658\n\ud83d\udd25 CVSS Score: 6.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: The Service Layer in SAP Business One, allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can elevate themselves to higher privilege and can read, modify and/or write new data. To gain authenticated sessions of other users, the attacker must invest considerable time and effort. This vulnerability has a high impact on the confidentiality and integrity of the application with no effect on the availability of the application.\n\ud83d\udccf Published: 2025-03-11T00:35:34.989Z\n\ud83d\udccf Modified: 2025-03-11T00:35:34.989Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3561045\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:32.000000Z"}, {"uuid": "1088eebc-4458-4612-9389-ec27ab412303", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-26659", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7088", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-26659\n\ud83d\udd25 CVSS Score: 6.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)\n\ud83d\udd39 Description: SAP NetWeaver Application Server ABAP does not sufficiently encode user-controlled inputs, leading to DOM-basedCross-Site Scripting (XSS) vulnerability. This allows an attacker with no privileges, to craft a malicious web message that exploits WEBGUI functionality. On successful exploitation, the malicious JavaScript payload executes in the scope of victim\ufffds browser potentially compromising their data and/or manipulating browser content. This leads to a limited impact on confidentiality and integrity. There is no impact on availability\n\ud83d\udccf Published: 2025-03-11T00:36:40.932Z\n\ud83d\udccf Modified: 2025-03-11T00:36:40.932Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3552824\n2. https://url.sap/sapsecuritypatchday", "creation_timestamp": "2025-03-11T01:41:27.000000Z"}]}