Vulnerability Details CVE-2026-24323
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL, the injected script is executed in the victim�s browser, leading to a low impact on confidentiality and integrity, and no impact on the availability of the application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.4%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2026-24323
-
cpe:2.3:a:sap:document_management_system:600
-
cpe:2.3:a:sap:document_management_system:602
-
cpe:2.3:a:sap:document_management_system:603
-
cpe:2.3:a:sap:document_management_system:604
-
cpe:2.3:a:sap:document_management_system:605
-
cpe:2.3:a:sap:document_management_system:606
-
cpe:2.3:a:sap:document_management_system:617
-
cpe:2.3:a:sap:erp:618
-
cpe:2.3:a:sap:s4core:102
-
cpe:2.3:a:sap:s4core:103
-
cpe:2.3:a:sap:s4core:104
-
cpe:2.3:a:sap:s4core:105
-
cpe:2.3:a:sap:s4core:106
-
cpe:2.3:a:sap:s4core:107
-
cpe:2.3:a:sap:s4core:108