Arbitrary URL Redirection Vulnerability Affects 3DSwymer

CVE-2024-6379

6.1MEDIUM

Key Information

Vendor: Dassault Systèmes
Status: 3dswymer
Vendor: CVE Published:; 20 August 2024

Summary

A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

Affected Version(s)

3DSwymer <= Release 3DEXPERIENCE R2022x Golden

3DSwymer <= Release 3DEXPERIENCE R2023x Golden

3DSwymer <= Release 3DEXPERIENCE R2024x Golden

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Risk change from: 6.1 to: 7.7 - (HIGH)
Aug 27, 2024
Risk change from: 6.1 to: 7.7 - (HIGH)
Aug 27, 2024
Vulnerability published.
Aug 20, 2024
Vulnerability Reserved.
Jun 27, 2024

Collectors

NVD DatabaseMitre Database