Cross-site scripting in SAP NetWeaver AS ABAP - CVE-2026-44760
Published: July 14, 2026
SAP NetWeaver AS ABAP
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary script in a victim's browser.
The vulnerability exists due to cross-site scripting in applications based on Business Server Pages in SAP NetWeaver Application Server ABAP when rendering untrusted input. A remote attacker can trick the victim into opening crafted content to execute arbitrary script in a victim's browser.