CVE-2025-43006 — Cross-site Scripting in SE SAP Supplier Relationship Management

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.4%

top 36.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Supplier Relationship Management

Timeline

PublishedMay 13

Description

SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶CVEListV5sap_se/sap_supplier_relationship_managementSRM_MDM_CAT 7.52

🔴Vulnerability Details

GHSA

GHSA-cww2-f4cr-g22m: SAP Supplier Relationship Management (Master Data Management Catalogue) allows an unauthenticated attacker to execute malicious scripts in the applica↗2025-05-13

▶

CVEList

Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog)↗2025-05-13

▶