CVE-2026-0505

CWE-79 — Cross-site Scripting (XSS)2 documents2 sources

6.1

CVSS

MEDIUM

EPSS0.0%(8th)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶NVDsap/erp618

▶NVDsap/s4core7 versions+6

▶NVDsap/document_management_system7 versions+6

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

NVD ↗MITRE ↗

🔴Vulnerability Details

CVEList

Multiple vulnerabilities in BSP Applications of SAP Document Management System↗2026-02-10

▶