CVE-2025-0057
published 2025-01-14CVE-2025-0057: SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap_se | sap_netweaver_as_java | — | — |
| sap_se | sap_netweaver_as_java | — | — |
| sap_se | sap_netweaver_as_java | — | — |