CNNVD-202602-1707 Information

CNNVD ID

CNNVD-202602-1707

Related CVE

CVE-2026-0505

• CNNVD Published: 2026-02-10

Description (Chinese)

SAP E-Recruiting BSP是德国思爱普（SAP）公司的一个招聘流程管理模块。 SAP E-Recruiting BSP存在跨站脚本漏洞，该漏洞源于用户控制的URL参数验证不足，可能导致未经验证的重定向到攻击者控制的网站。

Description (English)

SAP E-Recruiting BSP is a recruitment process management module of SAP Germany. SAP E-Recruiting BSP has a cross-site script loophole, which results from insufficient verification of user-controlled URL parameters and may lead to unverified re-direction to attacker-controlled websites.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

思爱普

Published

2026-02-10

Last Modified

2026-02-24

References

https://me.sap.com/notes/3678417 https://url.sap/sapsecuritypatchday https://access.redhat.com/security/cve/cve-2026-0505

Patch

https://me.sap.com/notes/3678417