6.1
SAP Business One Job Service allows malicious URL input from users
CVE-2026-0489
Summary
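An unauthenticated attacker can craft a URL whose query parameter injects script into pages served by the SAP Business One Job Service. The injected code runs in the victim's browser only after the victim interacts with the crafted URL (DOM-based XSS), potentially stealing user data or taking control of the user's session. No authentication is needed to attempt this, so anyone can try to exploit it. To protect your system, update the SAP Business One Job Service as soon as possible.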
Original title
Due to insufficient validation of user-controlled input in the URLs query parameter, SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upo...
Original description
Due to insufficient validation of user-controlled input in the URLs query parameter, SAP Business One Job Service could allow an unauthenticated attacker to inject specially crafted input which upon user interaction could result in a DOM-based Cross-Site Scripting (XSS) vulnerability. This issue had a low impact on the confidentiality and integrity of the application with no impact on availability.
NVD CVSS 3.1
6.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026