CVE-2025-42973
- EPSS 0.04%
- Published 08.07.2025 00:37:10
- Last modified 08.07.2025 16:18:14
Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting requests, malicious script can be injected an...
CVE-2025-26662
- EPSS 0.05%
- Published 13.05.2025 00:09:05
- Last modified 13.05.2025 19:35:25
The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks on the compromised link, the injected script gets exec...
CVE-2022-35226
- EPSS 0.81%
- Published 11.10.2022 21:15:12
- Last modified 21.11.2024 07:10:55
SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to...
CVE-2018-2466
- EPSS 0.4%
- Published 09.10.2018 13:29:00
- Last modified 21.11.2024 04:03:51
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability.