CVE-2026-27683

MEDIUM NVD

CVSS Score 4.1

Severity MEDIUM

Published Apr 14, 2026

Vendor unknown

Description

SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes in the user�s browser, potentially exposing restricted information. This results in a low impact on confidentiality with no impact on integrity and availability.

References

https://me.sap.com/notes/3698216
https://url.sap/sapsecuritypatchday