CVE 6.1 MEDIUM

Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector_CVE-2025-42886

November 11, 2025 invoker category_cve
6.1 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Due to a Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated victim accesses this link, the injected input is processed during web page generation, resulting in the execution of malicious content in the victim's browser context. This could allow the attacker to access or modify information within the victim๏ฟฝs browser scope, impacting confidentiality and integrity, while availability remains unaffected

Basic Information

ID CVE-2025-42886
Source sap
Published Nov 11, 2025 at 00:14

Affected Product

Vendor SAP_SE
Product SAP Business Connector
Version SAP BC 4.8
Affected Versions SAP_SE SAP Business Connector SAP BC 4.8

CWE Classification

CWE-79

References

๐Ÿ’ญ Join the Security Discussion

๐Ÿ”’ Your email address will not be published. Required fields are marked *

โš ๏ธ Please be respectful and constructive in your comments. Security discussions should remain professional.