Product
An unauthenticated attacker can exploit a cross-site scripting (XSS) vulnerability (CVE-2026-44752) in SAP NetWeaver Application Server Java by injecting malicious JavaScript through crafted URLs, leading to client-side script execution, access to sensitive session information, and modification of non-sensitive data, resulting in high confidentiality impact and low integrity impact.