6664 matches found
CVE-2024-7939
A stored Cross-site Scripting XSS vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-7938
A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-8004
CVE-2024-8004 describes a stored Cross-site Scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator spanning releases from 3DEXPERIENCE R2022x to R2024x . The issue allows an attacker to execute arbitrary script in a user’s browser session when malicious input is stored and rende...
CVE-2024-7939
CVE-2024-7939 describes a stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Dassault Systèmes 3DEXPERIENCE Release R2024x. The connected sources identify the affected component as 3DSwym/3DSwymer within the R2024x release and confirm the vulnerability type as stored ...
CVE-2024-7938
CVE-2024-7938 is a stored XSS in 3DSwymer’s 3DDashboard affecting 3DEXPERIENCE R2023x through R2024x. The vulnerability stems from insecure handling of input in the dashboard, enabling arbitrary script execution in a user’s browser session. The PT-2024-38703 advisory explicitly lists the affected...
CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x
A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-7932 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x
A stored Cross-site Scripting XSS vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-20488
Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) are affected by a cross-site scripting (XSS) vulnerability in their web-based management interface. The issue stems from improper input validation, allowing an unauthenticated, remote atta...
CVE-2024-20488 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...
CVE-2024-20488 Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user o...
CVE-2024-6378
A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-6377
An URL redirection to untrusted site open redirect vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL...
CVE-2024-6377
The CVE-2024-6377 entry describes an open redirect vulnerability in 3DPassport within 3DSwymer, affecting Release 3DEXPERIENCE R2022x through R2024x. The issue allows an attacker to redirect users to an arbitrary website via a crafted URL. Affected component/function is 3DPassport in 3DSwymer; ro...
CVE-2024-6377 URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
An URL redirection to untrusted site open redirect vulnerability affecting 3DPassport in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to redirect users to an arbitrary website via a crafted URL...
CVE-2024-6378
CVE-2024-6378 is a reflected XSS vulnerability in ENOVIA Collaborative Industry Innovator affecting 3DEXPERIENCE R2022x through R2024x. The connected sources clearly identify the affected product and the underlying issue: a reflected cross-site scripting flaw that could cause arbitrary script exe...
CVE-2024-6378 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-6378 Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x
A reflected Cross-site Scripting XSS vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session...
CVE-2024-20443
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affect...
CVE-2024-22444
A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a...