CVE-2025-42962Cross-site Scripting in SE SAP Business Warehouse

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.0%
top 85.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Business Warehouse
Timeline
PublishedJul 8

Description

SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

CVEListV5sap_se/sap_business_warehouse16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-q93r-4rqq-mxc7: SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link2025-07-08
CVEList
Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation)2025-07-08
CVE-2025-42962 — Cross-site Scripting | cvebase