CVE-2023-1996 - Vulnerability Details - OpenCVE

A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00368.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
3ds Subscribe	3dexperience Subscribe

Configuration 1 [-]

cpe:2.3:a:3ds:3dexperience:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-24176	A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.3ds.com/vulnerability/advisories

History

Wed, 12 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2023-05-19T16:37:20.133Z

Updated: 2025-02-12T16:26:33.345Z

Reserved: 2023-04-12T09:28:12.107Z

Link: CVE-2023-1996

Vulnrichment

Updated: 2024-08-02T06:05:27.108Z

NVD

Status : Modified

Published: 2023-05-19T17:15:09.097

Modified: 2024-11-21T07:40:18.477

Link: CVE-2023-1996

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1996", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "state": "PUBLISHED", "assignerShortName": "3DS", "dateReserved": "2023-04-12T09:28:12.107Z", "datePublished": "2023-05-19T16:37:20.133Z", "dateUpdated": "2025-02-12T16:26:33.345Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2023-07-12T07:19:15.343Z"}, "title": "Reflected Cross-site Scripting (XSS) vulnerability affecting Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "3DEXPERIENCE", "versions": [{"status": "affected", "version": "Release 3DEXPERIENCE R2018x - All levels"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2019x - All levels"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2020x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2020x.FP.CFA.2303", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2021x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2021x.FP.CFA.2306", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2022x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2022x FP.CFA.2250", "versionType": "custom"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2023x Golden", "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2306", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code."}]}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Bhashit Pandya from Ownux Global", "user": "00000000-0000-4000-9000-000000000000", "type": "finder"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:27.108Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T18:14:07.270840Z", "id": "CVE-2023-1996", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T16:26:33.345Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.3ds.com/vulnerability/advisories", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T06:05:27.108Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1996", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T18:14:07.270840Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T16:26:14.711Z"}}], "cna": {"title": "Reflected Cross-site Scripting (XSS) vulnerability affecting Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bhashit Pandya from Ownux Global"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Dassault Syst\u00e8mes", "product": "3DEXPERIENCE", "versions": [{"status": "affected", "version": "Release 3DEXPERIENCE R2018x - All levels"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2019x - All levels"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2020x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2020x.FP.CFA.2303"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2021x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2021x.FP.CFA.2306"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2022x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2022x FP.CFA.2250"}, {"status": "affected", "version": "Release 3DEXPERIENCE R2023x Golden", "versionType": "custom", "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2306"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.3ds.com/vulnerability/advisories"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.", "supportingMedia": [{"type": "text/html", "value": "A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "shortName": "3DS", "dateUpdated": "2023-07-12T07:19:15.343Z"}}}, "cveMetadata": {"cveId": "CVE-2023-1996", "state": "PUBLISHED", "dateUpdated": "2025-02-12T16:26:33.345Z", "dateReserved": "2023-04-12T09:28:12.107Z", "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433", "datePublished": "2023-05-19T16:37:20.133Z", "assignerShortName": "3DS"}, "dataVersion": "5.1"}