Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability.

Basic Information

ID CVE-2025-42872

Source sap

Published Dec 9, 2025 at 02:13

Affected Product

Vendor SAP_SE

Product SAP NetWeaver Enterprise Portal

Version EP-RUNTIME 7.50

Affected Versions SAP_SE SAP NetWeaver Enterprise Portal EP-RUNTIME 7.50

CWE Classification

CWE-489

References

{
    "lastseen": "",
    "description": "Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users\ufffd browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability.",
    "published": "2025-12-09T02:13:55.550Z",
    "modified": "2025-12-09T02:13:55.550Z",
    "type": "cve",
    "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal",
    "source": "sap",
    "references": "https://me.sap.com/notes/3662622\nhttps://url.sap/sapsecuritypatchday",
    "id": "CVE-2025-42872",
    "bulletinFamily": "",
    "cwe": [
        "CWE-489"
    ],
    "cvelist": null,
    "sourceData": "SAP_SE SAP NetWeaver Enterprise Portal EP-RUNTIME 7.50",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "SAP NetWeaver Enterprise Portal",
    "version": "EP-RUNTIME 7.50",
    "vendor": "SAP_SE",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal_CVE-2025-42872