CVE-2026-0512Cross-site Scripting in SE SAP Supplier Relationship Management

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 78.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP SE SAP Supplier Relationship Management
Timeline
PublishedApr 14

Description

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed by a victim, results in execution of malicious content within the victim's browser. This could allow the attacker to access and modify information, impacting the confidentiality and integrity of the application, while availability remains unaffected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

CVEListV5sap_se/sap_supplier_relationship_management713, 714, SRM_SERVER 702+2

🔴Vulnerability Details

2
CVEList
Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog)2026-04-14
GHSA
GHSA-p322-q4fj-r244: Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attack2026-04-14
CVE-2026-0512 — Cross-site Scripting | cvebase