CVE-2025-26662 – Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console

https://notcve.org/view.php?id=CVE-2025-26662

13 May 2025 — The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted. • https://me.sap.com/notes/3558755 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •