7.6
CVE-2025-27380
- EPSS 0.04%
- Veröffentlicht 22.01.2026 01:28:24
- Zuletzt bearbeitet 26.02.2026 21:23:01
- Quelle 4760f414-e1ae-4ff1-bdad-c7a9c3
- CVE-Watchlists
- Unerledigt
LoginHTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Altium ≫ On-prem Enterprise Server Version >= 7.0.3 < 7.0.6
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.115 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 4760f414-e1ae-4ff1-bdad-c7a9c3538b79 | 7.6 | 2.3 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.