CVE-2026-0489 MEDIUM

CVE-2026-0489: DOM-based Cross-Site Scripting (XSS) Vulnerability in SAP Business One (Job Service)

Vendor Sap_Se
Product SAP Business One (Job Service)
Weakness CWE-79 · XSS
Published March 10, 2026
Last update March 10, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Due to insufficient validation of user-controlled input in the URLs query parameter. SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue had a low impact on the confidentiality and integrity of the application with no impact on availability.

Key dates

02Disclosure timeline

March 10, 2026 CVE published
March 10, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-22766 WordPress Zarinpal Paid Download Plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-31468 WordPress WP_Identicon plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-46900 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-1426 Element Pack Elementor Addons (Header Footer, Free Template Library, Grid, Carousel, Table, Parallax Animation, Register Form, Twitter Grid) <= 5.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Price List Widget CVE-2024-8107 Slider Revolution <= 6.7.18 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload