PT-2025-49528 · Dassault Systèmes · Enovia Collaborative Industry Innovator+2
Published
2025-12-08
·
Updated
2025-12-09
·
CVE-2025-12956
CVSS v3.1
8.7
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
ENOVIA Collaborative Industry Innovator versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x
Description
A reflected Cross-site Scripting (XSS) issue exists in ENOVIA Collaborative Industry Innovator. This allows an attacker to execute arbitrary script code within a user's browser session. The issue involves the potential execution of malicious code.
Recommendations
Versions prior to 3DEXPERIENCE R2022x are not affected.
Versions 3DEXPERIENCE R2022x through 3DEXPERIENCE R2025x should be updated.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
3Dexperience R2022X
3Dexperience R2025X
Enovia Collaborative Industry Innovator