20 matches found
CVE-2025-10551
ENOVIA Collaborative Industry Innovator – Document Management (3DEXPERIENCE) is affected by CVE-2025-10551 in releases R2023x through R2025x. It is a Stored XSS vulnerability that could allow an attacker to execute arbitrary script in a user’s browser session. CVSSv3.1 base score 8.7 (High): AV:N...
CVE-2025-10554
Summary: CVE-2025-10554 affects Dassault Systèmes ENOVIA Product Manager (3DEXPERIENCE) in the Requirements area from R2023x to R2025x. It is a stored XSS vulnerability that allows an attacker to execute arbitrary script code in a user’s browser session. The provided documents do not specify the ...
CVE-2025-4987 Stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4992
A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4991
A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4989
A stored Cross-site Scripting XSS vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4990
A stored Cross-site Scripting XSS vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-0602 Stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-0602 Stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4983 Stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4983
CVE-2025-4983 is a stored Cross-site Scripting (XSS) vulnerability affecting City Referential Manager on Release 3DEXPERIENCE R2025x. The issue concerns the City Referential component, with the underlying impact being arbitrary script execution in a user’s browser session. The provided metrics in...
CVE-2025-4983 Stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4984
CVE-2025-4984 describes a stored XSS vulnerability in City Discover within City Referential Manager on Release 3DEXPERIENCE R2025x. The issue affects City Discover/City Referential Manager components and could allow an attacker to execute arbitrary script code in a user’s browser session. The lin...
CVE-2025-4986 Stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4990 Stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4991 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4992 Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4992
CVE-2025-4992 is a stored XSS vulnerability in Service Items Management of Dassault Systèmes’ Service Process Engineer (3DEXPERIENCE R2024x through R2025x). The issue allows an attacker to execute arbitrary script code in an authenticated user’s browser session via the affected component/file, wi...
PT-2025-23303 · Ds Systemes · Change Governance In Product Manager
Name of the Vulnerable Software and Affected Versions: Change Governance in Product Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x Description: A stored Cross-site Scripting XSS issue allows an attacker to execute arbitrary script code in a user's browser session. This affects...
PT-2025-23298
Name of the Vulnerable Software and Affected Versions City Referential Manager versions 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue affects City Discover within City Referential Manager. Exploitation allows an attacker to execute arbitrary script code within a user's...