CVE-2024-7939

Name of the Vulnerable Software and Affected Versions: 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x

Description: A stored Cross-site Scripting (XSS) vulnerability allows an attacker to execute arbitrary script code in a user's browser session. This issue affects the 3DSwym component in 3DSwymer on Release 3DEXPERIENCE R2024x, enabling an attacker to inject malicious code into the user's browser session.

Recommendations: For 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x, consider implementing input validation and sanitization to prevent the injection of malicious script code as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.