CVE-2026-0505 MEDIUM

CVE-2026-0505: Multiple vulnerabilities in BSP Applications of SAP Document Management System

Vendor Sap_Se
Product SAP Document Management System
Weakness CWE-79 · XSS
Published February 10, 2026
Last update February 10, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not sufficiently validated. This could result in unvalidated redirection to attacker-controlled websites, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.

Key dates

02Disclosure timeline

February 10, 2026 CVE published
February 10, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-38698 WordPress SKT Skill Bar plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-24610 WordPress Restrict Anonymous Access Plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability CVE-2022-0205 YOP Poll < 6.3.5 - Author+ Stored Cross-Site Scripting CVE-2025-11733 Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting CVE-2025-47656 WordPress Spiraclethemes Site Library plugin <= 1.5.4 - Cross Site Scripting (XSS) Vulnerability