CVE-2026-44757
MediumCVSS 4.7Summary
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user’s browser within the context of the application.
Risk Assessment
This issue has a low impact on the confidentiality and integrity of the application with no impact on availability. However, it may lead to unauthorized code execution in the user's browser.
Recommendation
It is recommended to monitor and restrict access to the application and implement input validation to minimize the risk of exploitation of this vulnerability.
Original NVD description (English source)
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in the user�s browser within the context of the application. This issue has a low impact on the confidentiality and integrity of the application with no impact on availability.

