5.4
CVE-2023-5599
- EPSS 0.47%
- Veröffentlicht 21.11.2023 10:15:08
- Zuletzt bearbeitet 21.11.2024 08:42:06
- Quelle 3DS.Information-Security@3ds.c
- CVE-Watchlists
- Unerledigt
LoginA stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dassault ≫ 3dswymer 3dexperience 2022 Versionfp.cfa.2337
Dassault ≫ 3dswymer 3dexperience 2023 Versionfp.cfa.2333
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.638 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
| 3DS.Information-Security@3ds.com | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.