CVE-2024-6380

Name of the Vulnerable Software and Affected Versions ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x

Description A reflected Cross-site Scripting (XSS) vulnerability allows an attacker to execute arbitrary script code in a user's browser session. This issue affects ENOVIA Collaborative Industry Innovator and can be exploited by attackers to run malicious script code in user browsers.

Recommendations For versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2024x, consider disabling any features that may be leveraging reflective XSS functionalities until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.