CVE-2024-39595 MEDIUM

CVE-2024-39595: [CVE-2024-39594] Multiple Cross-Site Scripting (XSS) vulnerabilities in SAP Business Warehouse - Business Planning and Simulation

Vendor Sap_Se
Product SAP Business Warehouse - Business Planning and Simulation
Weakness CWE-79 · XSS
Published July 9, 2024
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

SAP Business Warehouse - Business Planning and Simulation application does not sufficiently encode user-controlled inputs, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows users to modify website content and on successful exploitation, an attacker can cause low impact to the confidentiality and integrity of the application.

Key dates

02Disclosure timeline

July 9, 2024 CVE published
August 2, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-37918 WordPress ConeBlog plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability CVE-2023-1316 Cross-site Scripting (XSS) - Stored in osticket/osticket CVE-2025-1328 Typed JS: A typewriter style animation <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via typespeed Parameter CVE-2025-24781 WordPress WPJobBoard plugin <= 5.10.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-4965 Invitation Code Content Restriction Plugin from CreativeMinds <= 1.5.4 - Reflected Cross-Site Scripting