EUVD-2026-22273

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

EUVD-2026-22274

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

CVE-2026-4344 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

CVE-2026-4345 Stored Cross-Site Scripting (XSS) Vulnerability in Design Name

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

CVE-2026-4345 Stored Cross-Site Scripting (XSS) Vulnerability in Design Name

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

CVE-2026-4345

CVE-2026-4345 describes a stored XSS flaw in Autodesk Fusion desktop: a malicious design name, when exported to CSV, can execute in the app’s process context and read local files. Affected: Fusion desktop application; vulnerability arises from stored payload in design names. CVSS base metrics ind...

CVE-2026-4369

The CVE-2026-4369 entry describes a Stored Cross-Site Scripting (XSS) vulnerability in Autodesk Fusion desktop app tied to a malicious payload in an assembly variant name. The vulnerability can be triggered when the affected variant name is rendered in the delete confirmation dialog, and a user c...

CVE-2026-4369

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

CVE-2026-4369 Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

PT-2026-32645

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

Autodesk Fusion 跨站脚本漏洞

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads stored in the design names. This vulnerability can lead to storage-based cross-site scripting...

PT-2026-32646

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

Autodesk Fusion 跨站脚本漏洞

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in variant names. This vulnerability may lead to stored-cross-site scripting attacks, allowin...

Autodesk Fusion 跨站脚本漏洞

Autodesk Fusion is a data management software platform developed by Autodesk, Inc. in the United States. Autodesk Fusion has a cross-site scripting vulnerability, which stems from malicious HTML payloads in component names. This vulnerability may lead to stored-xss attacks, allowing attackers to...

CVE-2026-0534

A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...