Lucene search

3DSCVELIST:CVE-2024-7932

HistorySep 02, 2024 - 11:48 a.m.

CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x

2024-09-0211:48:47

CWE-79

3DS

www.cve.org

cve-2024-7932

3dswymer

3dexperience r2024x

arbitrary script code

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

Percentile

14.7%

JSON

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session.

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "3DSwymer",
    "versions": [
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2024x Golden",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2405",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories

CVSS3

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

EPSS

Percentile

14.7%

JSON

Related for CVELIST:CVE-2024-7932