Sap Se Sap Document Management System vulnerabilities

CVE-2026-24323 [MEDIUM] CWE-601 CVE-2026-24323: The BSP applications allow an unauthenticated user to inject malicious script content via user-contr The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the

CVE-2026-0505 [MEDIUM] CWE-79 CVE-2026-0505: The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.