CVE-2026-0514

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.1%
top 70.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ConnectorSAP Business Connector
Timeline
PublishedJan 13

Description

Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redirected to a site controlled by the attacker. Successful exploitation could allow the attacker to access or modify information related to the webclient, impacting confidentiality and integrity, with no effect on availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5sap_se/sap_business_connectorSAP BC 4.8

🔴Vulnerability Details

2
CVEList
Cross-Site Scripting (XSS) vulnerability in SAP Business Connector2026-01-13
GHSA
GHSA-xmmh-wmh6-hp5h: Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link2026-01-13
CVE-2026-0514 (MEDIUM CVSS 6.1) | Due to a Cross-Site Scripting (XSS) | cvebase.io