CVE-2025-42962
MEDIUMSAP Business Warehouse Business Explorer Web 3.5 - Stored Cross-Site Scripting via Loading Animation
Title source: llmDescription
SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim�s browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.
References (2)
Core 2
Core References
Vendor Advisory
https://me.sap.com/notes/3604212
Vendor Advisory
https://url.sap/sapsecuritypatchday
Scores
CVSS v3
6.1
EPSS
0.0019
EPSS Percentile
40.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (16)
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
200
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
300
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
400
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
731
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
740
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
750
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
751
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
752
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
753
SAP_SE/SAP Business Warehouse (Business Explorer Web 3.5 loading animation)
754
... and 6 more
Published
Jul 08, 2025
Tracked Since
Feb 18, 2026