Lucene search
3DSCVE-2024-7938HistorySep 02, 2024 - 12:15 p.m.
CVE-2024-7938
2024-09-0212:15:20
CWE-79
3DS
web.nvd.nist.gov
26
cross-site scripting
3dswymer
3dexperience r2023x
3dexperience r2024x
arbitrary script code
browser session
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
7.8
Confidence
High
EPSS
0
Percentile
14.7%
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in userβs browser session.
Affected configurations
Node
3ds3dexperienceMatchr2023x
OR3ds3dexperienceMatchr2024x
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 3ds | 3dexperience | r2023x | cpe:2.3:a:3ds:3dexperience:r2023x:*:*:*:*:*:*:* |
| 3ds | 3dexperience | r2024x | cpe:2.3:a:3ds:3dexperience:r2024x:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Dassault Systèmes",
"product": "3DSwymer",
"versions": [
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2023x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2410",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2405",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
AI Score
7.8
Confidence
High
EPSS
0
Percentile
14.7%
Related for CVE-2024-7938