11 matches found
CVE-2023-1996
CVE-2023-1996 is a reflected XSS vulnerability affecting Dassault Systèmes 3DEXPERIENCE versions R2018x through R2023x. The issue enables an attacker to execute arbitrary script code via user-provided input in a reflected context. The CVSSv3.1 Base score is 6.1 (Medium) with network attack vector...
CVE-2024-7939
CVE-2024-7939 describes a stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Dassault Systèmes 3DEXPERIENCE Release R2024x. The connected sources identify the affected component as 3DSwym/3DSwymer within the R2024x release and confirm the vulnerability type as stored ...
CVE-2024-7932
CVE-2024-7932 is a stored XSS vulnerability in 3DSwymer’s 3DDashboard on the 3DEXPERIENCE R2024x release. The description notes that an attacker could cause arbitrary script execution in a user’s browser session. Affected software/component: 3DSwymer/3DDashboard integrated with 3DEXPERIENCE R2024...
CVE-2024-6378
CVE-2024-6378 is a reflected XSS vulnerability in ENOVIA Collaborative Industry Innovator affecting 3DEXPERIENCE R2022x through R2024x. The connected sources clearly identify the affected product and the underlying issue: a reflected cross-site scripting flaw that could cause arbitrary script exe...
CVE-2024-6379
CVE-2024-6379: A reflected Cross-site Scripting (XSS) vulnerability affects 3DSwymer in the 3DEXPERIENCE releases R2022x through R2024x. The issue enables execution of arbitrary script code in a user’s browser session. Connected sources also describe an associated open redirect vulnerability in 3...
CVE-2024-7938
CVE-2024-7938 is a stored XSS in 3DSwymer’s 3DDashboard affecting 3DEXPERIENCE R2023x through R2024x. The vulnerability stems from insecure handling of input in the dashboard, enabling arbitrary script execution in a user’s browser session. The PT-2024-38703 advisory explicitly lists the affected...
CVE-2024-6377
The CVE-2024-6377 entry describes an open redirect vulnerability in 3DPassport within 3DSwymer, affecting Release 3DEXPERIENCE R2022x through R2024x. The issue allows an attacker to redirect users to an arbitrary website via a crafted URL. Affected component/function is 3DPassport in 3DSwymer; ro...
CVE-2023-1997
CVE-2023-1997 describes an OS Command Injection vulnerability in SIMULIA 3DOrchestrate, affecting versions released in 3DEXPERIENCE R2021x through R2023x. The issue arises from a specially crafted HTTP request that can lead to arbitrary command execution, indicating a network-accessible vector wi...
CVE-2025-10551
ENOVIA Collaborative Industry Innovator – Document Management (3DEXPERIENCE) is affected by CVE-2025-10551 in releases R2023x through R2025x. It is a Stored XSS vulnerability that could allow an attacker to execute arbitrary script in a user’s browser session. CVSSv3.1 base score 8.7 (High): AV:N...
CVE-2025-10553
The CVE-2025-10553 entry applies to DELMIA Factory Resource Manager: Factory Resource Management within DELMIA’s 3DEXPERIENCE platform, affected from Release R2023x through R2025x. The vulnerability is a Stored Cross-site Scripting (XSS) flaw that can allow an attacker to execute arbitrary script...
CVE-2025-10559
CVE-2025-10559 is a path traversal flaw in the DELMIA Factory Resource Manager (Factory Resource Management) affecting Release 3DEXPERIENCE R2023x through R2025x. The vulnerability arises from improper validation of inputs to the resource management component, allowing an attacker to read or writ...