{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-42962", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-04-16T13:25:42.157Z", "datePublished": "2025-07-08T00:35:36.037Z", "dateUpdated": "2025-07-08T16:14:06.533Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Business Warehouse (Business Explorer Web 3.5 loading animation)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "DW4CORE 100"}, {"status": "affected", "version": "200"}, {"status": "affected", "version": "300"}, {"status": "affected", "version": "400"}, {"status": "affected", "version": "916"}, {"status": "affected", "version": "SAP_BW 730"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}, {"status": "affected", "version": "751"}, {"status": "affected", "version": "752"}, {"status": "affected", "version": "753"}, {"status": "affected", "version": "754"}, {"status": "affected", "version": "756"}, {"status": "affected", "version": "757"}, {"status": "affected", "version": "758"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.</p>"}], "value": "SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-07-08T00:35:36.037Z"}, "references": [{"url": "https://me.sap.com/notes/3604212"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-08T14:30:21.515728Z", "id": "CVE-2025-42962", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T16:14:06.533Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-42962", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-08T14:30:21.515728Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T14:30:23.515Z"}}], "cna": {"title": "Cross-Site Scripting (XSS) vulnerability in SAP Business Warehouse (Business Explorer Web 3.5 loading animation)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Business Warehouse (Business Explorer Web 3.5 loading animation)", "versions": [{"status": "affected", "version": "DW4CORE 100"}, {"status": "affected", "version": "200"}, {"status": "affected", "version": "300"}, {"status": "affected", "version": "400"}, {"status": "affected", "version": "916"}, {"status": "affected", "version": "SAP_BW 730"}, {"status": "affected", "version": "731"}, {"status": "affected", "version": "740"}, {"status": "affected", "version": "750"}, {"status": "affected", "version": "751"}, {"status": "affected", "version": "752"}, {"status": "affected", "version": "753"}, {"status": "affected", "version": "754"}, {"status": "affected", "version": "756"}, {"status": "affected", "version": "757"}, {"status": "affected", "version": "758"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3604212"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2025-07-08T00:35:36.037Z"}}}, "cveMetadata": {"cveId": "CVE-2025-42962", "state": "PUBLISHED", "dateUpdated": "2025-07-08T16:14:06.533Z", "dateReserved": "2025-04-16T13:25:42.157Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2025-07-08T00:35:36.037Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within the scope of victim\ufffds browser. This potentially leads to an impact on confidentiality and integrity. Availability is not impacted."}, {"lang": "es", "value": "SAP Business Warehouse (Business Explorer Web) permite a un atacante crear un enlace malicioso. Si un usuario autenticado hace clic en este enlace, el script inyectado se ejecuta en el navegador de la v\u00edctima. Esto podr\u00eda afectar la confidencialidad y la integridad. La disponibilidad no se ve afectada."}], "id": "CVE-2025-42962", "lastModified": "2025-07-08T16:18:14.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2025-07-08T01:15:22.937", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3604212"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Primary"}]}

{}