CVE-2026-24325 MEDIUM

CVE-2026-24325: Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console)

Vendor Sap_Se
Product SAP BusinessObjects Enterprise (Central Management Console)
Weakness CWE-79 · XSS
Published February 10, 2026
Last update February 10, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to a Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website, and the injected script is executed when a user visits the compromised page. This vulnerability has low impact on the confidentiality and integrity of the data. There is no impact on the availability of the application.

Key dates

02 Disclosure timeline

February 10, 2026 CVE published
February 10, 2026 Record updated