CVE-2025-42920
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-10-24
Assigner: SAP SE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | supplier_relationship_management | 7.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Scripting (XSS) issue in SAP Supplier Relationship Management. An unauthenticated attacker can create a malicious link that, when clicked by an authenticated user, causes malicious code to execute within the user's browser. This happens because the injected input is processed during page generation, allowing the attacker to run harmful scripts.
How can this vulnerability impact me? :
If an authenticated user clicks the malicious link, the attacker can execute malicious content in the user's browser, potentially accessing and modifying information within the browser's scope. This impacts the confidentiality and integrity of the user's data, although it does not affect system availability.