CVE-2024-12091

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x

Description A stored Cross-site Scripting (XSS) issue allows an attacker to execute arbitrary script code in a user's browser session. This can lead to unauthorized actions being taken on behalf of the user.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.