Lucene search

3DSVULNRICHMENT:CVE-2023-5599

HistoryNov 21, 2023 - 9:28 a.m.

CVE-2023-5599 Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x

2023-11-2109:28:35

CWE-79

3DS

github.com

cve-2023-5599

3dswymer

3dexperience r2022x

3dexperience r2023x

attacker

arbitrary script code

vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "3DSwymer",
    "versions": [
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2022x Golden",
        "versionType": "custom",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2022x.FP.CFA.2337"
      },
      {
        "status": "affected",
        "version": "Release 3DEXPERIENCE R2023x Golden",
        "versionType": "custom",
        "lessThanOrEqual": "Release 3DEXPERIENCE R2023x FP.CFA.2333"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories