Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ENOVIA Specification Manager by Dassault Systèmes

    CVE-2025-10556 (GCVE-0-2025-10556)

    Vulnerability from nvd – Published: 2025-10-13 07:36 – Updated: 2025-10-14 14:56
    VLAI
    Title
    Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
    Summary
    A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes ENOVIA Specification Manager Affected: Release 3DEXPERIENCE R2023x Golden , ≤ Release 3DEXPERIENCE R2023x.FP.CFA.2514 (custom)
    Affected: Release 3DEXPERIENCE R2024x Golden , ≤ Release 3DEXPERIENCE R2024x.FP.CFA.2510 (custom)
    Affected: Release 3DEXPERIENCE R2025x Golden , ≤ Release 3DEXPERIENCE R2024x.FP.CFA.2514 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T14:54:52.624439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T14:56:28.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ENOVIA Specification Manager",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2514",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2023x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2510",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2024x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2514",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2025x Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
                }
              ],
              "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T07:36:19.327Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10556"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-10556",
        "datePublished": "2025-10-13T07:36:19.327Z",
        "dateReserved": "2025-09-16T12:56:43.438Z",
        "dateUpdated": "2025-10-14T14:56:28.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-10556 (GCVE-0-2025-10556)

    Vulnerability from cvelistv5 – Published: 2025-10-13 07:36 – Updated: 2025-10-14 14:56
    VLAI
    Title
    Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
    Summary
    A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
    Assigner
    3DS
    Impacted products
    Vendor Product Version
    Dassault Systèmes ENOVIA Specification Manager Affected: Release 3DEXPERIENCE R2023x Golden , ≤ Release 3DEXPERIENCE R2023x.FP.CFA.2514 (custom)
    Affected: Release 3DEXPERIENCE R2024x Golden , ≤ Release 3DEXPERIENCE R2024x.FP.CFA.2510 (custom)
    Affected: Release 3DEXPERIENCE R2025x Golden , ≤ Release 3DEXPERIENCE R2024x.FP.CFA.2514 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-10556",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-14T14:54:52.624439Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-14T14:56:28.760Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "ENOVIA Specification Manager",
              "vendor": "Dassault Syst\u00e8mes",
              "versions": [
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2023x.FP.CFA.2514",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2023x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2510",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2024x Golden",
                  "versionType": "custom"
                },
                {
                  "lessThanOrEqual": "Release 3DEXPERIENCE R2024x.FP.CFA.2514",
                  "status": "affected",
                  "version": "Release 3DEXPERIENCE R2025x Golden",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
                }
              ],
              "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user\u0027s browser session."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-13T07:36:19.327Z",
            "orgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
            "shortName": "3DS"
          },
          "references": [
            {
              "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10556"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f5a594e6-46a7-4e60-8a08-0a786e70e433",
        "assignerShortName": "3DS",
        "cveId": "CVE-2025-10556",
        "datePublished": "2025-10-13T07:36:19.327Z",
        "dateReserved": "2025-09-16T12:56:43.438Z",
        "dateUpdated": "2025-10-14T14:56:28.760Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }