CVE-2025-4984

A stored Cross-site Scripting XSS vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-0602

A stored Cross-site Scripting XSS vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4985

A stored Cross-site Scripting XSS vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4988

A stored Cross-site Scripting XSS vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4983

A stored Cross-site Scripting XSS vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

CVE-2025-4988

A stored Cross-site Scripting XSS vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4985

A stored Cross-site Scripting XSS vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4986

A stored Cross-site Scripting XSS vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4983

A stored Cross-site Scripting XSS vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4984 Stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4985

CVE-2025-4985 affects Dassault Systèmes Project Portfolio Manager (Risk Management) across 3DEXPERIENCE R2022x–R2025x, with a stored XSS vulnerability that allows script execution in a user’s browser. The root cause is stored XSS within Risk Management, enabling arbitrary script execution per the...

CVE-2025-4990

CVE-2025-4990 — Normal mode Affected: Change Governance in Product Manager (Dassault Systèmes 3DEXPERIENCE) from releases R2022x through R2025x. Vulnerability: Stored Cross-site Scripting (XSS) that allows an attacker to inject and execute arbitrary script in a user’s browser session. Root cause/...

CVE-2025-4991

CVE-2025-4991 : A stored XSS in Collaborative Industry Innovator’s 3D Markup affects 3DEXPERIENCE R2022x through R2025x. Attacker can execute arbitrary script in a user’s browser. A fix is not disclosed in the provided documents; one source suggests disabling 3D Markup until patch availability. N...

CVE-2025-4992 Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x

A stored Cross-site Scripting XSS vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2025-4992

CVE-2025-4992 is a stored XSS vulnerability in Service Items Management of Dassault Systèmes’ Service Process Engineer (3DEXPERIENCE R2024x through R2025x). The issue allows an attacker to execute arbitrary script code in an authenticated user’s browser session via the affected component/file, wi...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Mozilla Firefox ESR 128.11 MFSA 2025-44, bsc1243353: MFSA-TMP-2025-0001: Double-free in libvpx encoder bmo1962421 CVE-2025-5263: Error handling for script execution was incorrectly isolated from web content bmo1960745...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

CVE-2025-41406

Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be executed on the web browser of the moderator user...

Uchida Yoko wivia 跨站脚本漏洞

The Uchida Yoko wivia is a presentation aid from Uchida Yoko Japan that wirelessly projects a computer screen to a display device such as a projector. A cross-site scripting vulnerability exists in Uchida Yoko wivia that originates from cross-site scripting and could lead to the execution of...