Lucene search
3DSCVELIST:CVE-2024-6378HistoryAug 20, 2024 - 1:45 p.m.
CVE-2024-6378 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
2024-08-2013:45:10
CWE-79
3DS
www.cve.org
6
cve-2024-6378
enovia
xss
vulnerability
3dexperience r2022x
3dexperience r2024x
attacker
script code
browser session.
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS
0
Percentile
14.7%
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in userβs browser session.
CNA Affected
[
{
"vendor": "Dassault Systèmes",
"product": "ENOVIA Collaborative Industry Innovator",
"versions": [
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2022x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2022x.FP.CFA.2424",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2023x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2419",
"versionType": "custom"
},
{
"status": "affected",
"version": "Release 3DEXPERIENCE R2024x Golden",
"lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2424",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
]References
Related
vulnrichment
vulnrichment
cve
cve
CVE-2024-6378
2024-08-20 14:15:10
nvd
nvd
CVE-2024-6378
2024-08-20 14:15:10
CVSS3
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS
0
Percentile
14.7%
Related for CVELIST:CVE-2024-6378