213 matches found
CVE-2025-4989
CVE-2025-4989 is a stored XSS vulnerability affecting Dassault Systèmes Product Manager (Requirements in 3DEXPERIENCE R2022x–R2025x). The available connected sources confirm a stored XSS flaw in Product Manager’s Requirements that could cause arbitrary script execution in a user’s browser session...
CVE-2025-4990 Stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4990
CVE-2025-4990 — Normal mode Affected: Change Governance in Product Manager (Dassault Systèmes 3DEXPERIENCE) from releases R2022x through R2025x. Vulnerability: Stored Cross-site Scripting (XSS) that allows an attacker to inject and execute arbitrary script in a user’s browser session. Root cause/...
CVE-2025-4990 Stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4991 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4992 Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x
A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-4992
CVE-2025-4992 is a stored XSS vulnerability in Service Items Management of Dassault Systèmes’ Service Process Engineer (3DEXPERIENCE R2024x through R2025x). The issue allows an attacker to execute arbitrary script code in an authenticated user’s browser session via the affected component/file, wi...
PT-2025-23300 · Unknown · 3Dexperience
Name of the Vulnerable Software and Affected Versions: 3DEXPERIENCE versions R2022x through R2025x Description: A stored Cross-site Scripting XSS vulnerability affects Model Definition in Product Manager, allowing an attacker to execute arbitrary script code in a user's browser session. This issu...
Dassault Systèmes City Referential Manager 跨站脚本漏洞
Dassault Systèmes City Referential Manager is a City Referential Manager from Dassault Systèmes France. A cross-site scripting vulnerability exists in Dassault Systèmes City Referential Manager 3DEXPERIENCE version R2025x, which originates from stored cross-site scripting and could lead to...
PT-2025-23298
Name of the Vulnerable Software and Affected Versions City Referential Manager versions 3DEXPERIENCE R2025x Description A stored Cross-site Scripting XSS issue affects City Discover within City Referential Manager. Exploitation allows an attacker to execute arbitrary script code within a user's...
PT-2025-23303 · Ds Systemes · Change Governance In Product Manager
Name of the Vulnerable Software and Affected Versions: Change Governance in Product Manager versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x Description: A stored Cross-site Scripting XSS issue allows an attacker to execute arbitrary script code in a user's browser session. This affects...
CVE-2023-5598
Stored Cross-site Scripting XSS vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code...
CVE-2023-5597
A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code...
CVE-2023-1996
A reflected Cross-site Scripting XSS vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code...
Citrix Virtual Apps and Desktops - 3DExperience application crashes randomly inside ICA Session
Users might see that the 3DExperience.exe application from Dassault Systems crash randomly inside the ICA Session. The problem started after a major network outage...
CVE-2025-0600
A stored Cross-site Scripting XSS vulnerability affecting Product Explorer in ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-0828
A stored Cross-site Scripting XSS vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-0827
A stored Cross-site Scripting XSS vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-0595
A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2025-0830
A stored Cross-site Scripting XSS vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...