A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
History

Wed, 16 Oct 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Dassult
Dassult enovia Collaborative Industry Innovator
CPEs cpe:2.3:a:dassult:enovia_collaborative_industry_innovator:*:*:*:*:*:*:*:*
Vendors & Products Dassult
Dassult enovia Collaborative Industry Innovator
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Oct 2024 11:45:00 +0000

Type Values Removed Values Added
Description A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
Title Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: 3DS

Published: 2024-10-16T11:28:28.769Z

Updated: 2024-10-16T16:18:04.990Z

Reserved: 2024-06-27T08:01:26.423Z

Link: CVE-2024-6380

cve-icon Vulnrichment

Updated: 2024-10-16T16:17:55.407Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-16T12:15:08.767

Modified: 2024-10-16T16:38:14.557

Link: CVE-2024-6380

cve-icon Redhat

No data.