A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
References
Link | Resource |
---|---|
https://www.3ds.com/vulnerability/advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
04 Sep 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
First Time |
3ds
3ds 3dexperience Enovia |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:3ds:3dexperience_enovia:r2022x:*:*:*:*:*:*:* cpe:2.3:a:3ds:3dexperience_enovia:r2023x:*:*:*:*:*:*:* cpe:2.3:a:3ds:3dexperience_enovia:r2024x:*:*:*:*:*:*:* |
|
References | () https://www.3ds.com/vulnerability/advisories - Vendor Advisory |
03 Sep 2024, 12:59
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
02 Sep 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-02 12:15
Updated : 2024-09-04 14:56
NVD link : CVE-2024-8004
Mitre link : CVE-2024-8004
CVE.ORG link : CVE-2024-8004
JSON object : View
Products Affected
3ds
- 3dexperience_enovia
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')