Lucene search
HistoryAug 20, 2024 - 2:15 p.m.
CVE-2024-6378
cve-2024-6378
reflected cross-site scripting
enovia collaborative industry innovator
r2022x
r2024x
arbitrary script code
browser session
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.7%
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user’s browser session.
Affected configurations
Node
3ds3dexperienceRanger2022x–r2024x
| Vendor | Product | Version | CPE |
|---|---|---|---|
| 3ds | 3dexperience | * | cpe:2.3:o:3ds:3dexperience:*:*:*:*:*:*:*:* |
References
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
14.7%
Related for NVD:CVE-2024-6378