CVSS: 4.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-0057 – Cross-Site Scripting vulnerability in SAP NetWeaver AS JAVA (User Admin Application)
https://notcve.org/view.php?id=CVE-2025-0057
14 Jan 2025 — SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser. • https://me.sap.com/notes/3514421 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22126 – Cross Site Scripting vulnerability in SAP NetWeaver AS Java (User Admin Application)
https://notcve.org/view.php?id=CVE-2024-22126
13 Feb 2024 — The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability. La aplicación User Admin de SAP NetWeaver AS para Java, versión 7.50, no valida lo suficiente y codifica incorrectamente los parámetros de la URL entrante antes de inclui... • https://me.sap.com/notes/3417627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •