4.1

SAP BusinessObjects lets attackers inject malicious JavaScript

CVE-2026-27683
Summary

An attacker with a valid login can trick users into running malicious code in their web browser, potentially exposing sensitive information. This means that a logged-in user can be tricked into revealing confidential data. To protect against this, ensure that users only click on URLs from trusted sources.

Original title
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script execu...
Original description
SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user's browser, potentially exposing restricted information. This results in a low impact on confidentiality with no impact on integrity and availability.
NVD CVSS 3.1: 4.1
Vulnerability type
CWE-79 Cross-site Scripting (XSS)
Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026