CVE-2025-26662 MEDIUM

CVE-2025-26662: Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console

Vendor Sap_Se

Product SAP Data Services Management Console

Weakness CWE-79 · XSS

Published May 13, 2025

Last update November 7, 2025

View on NVD All CVEs

CVSS base score

4.4/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.

Key dates

02Disclosure timeline

May 13, 2025 CVE published

November 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-26662

Related vulnerabilities

Identifiers

CVE CVE-2025-26662

CWE CWE-79

CVSS 4.4 / MEDIUM

Affected versions