Description
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
Published: 2024-09-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-48772 A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
History

Fri, 13 Sep 2024 07:15:00 +0000

Type Values Removed Values Added
Description A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

Wed, 04 Sep 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared 3ds
3ds 3dexperience
CPEs cpe:2.3:a:3ds:3dexperience:r2024x:*:*:*:*:*:*:*
Vendors & Products 3ds
3ds 3dexperience

Tue, 03 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Dassault
Dassault 3dswymer 3dexperience 2024
CPEs cpe:2.3:a:dassault:3dswymer_3dexperience_2024:*:*:*:*:*:*:*:*
Vendors & Products Dassault
Dassault 3dswymer 3dexperience 2024
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 02 Sep 2024 12:00:00 +0000

Type Values Removed Values Added
Description A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
Title Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer on Release 3DEXPERIENCE R2024x
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 8.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N'}

Subscriptions

3ds 3dexperience
Dassault 3dswymer 3dexperience 2024
cve-icon MITRE

Status: PUBLISHED

Assigner: 3DS

Published:

Updated: 2024-09-13T07:02:11.678Z

Reserved: 2024-08-19T14:08:42.679Z

Link: CVE-2024-7932

cve-icon Vulnrichment

Updated: 2024-09-03T14:10:31.869Z

cve-icon NVD

Status : Modified

Published: 2024-09-02T12:15:20.130

Modified: 2024-09-13T07:15:06.800

Link: CVE-2024-7932

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses