Stored Cross-site Scripting in ENOVIA Product Engineering Specialist by Dassault Systèmes
CVE-2025-0828
Currently unrated
What is CVE-2025-0828?
A stored Cross-site Scripting (XSS) vulnerability exists in the Engineering Release of the ENOVIA Product Engineering Specialist from Dassault Systèmes. This issue allows an attacker to inject and execute arbitrary scripts in the browser sessions of users, potentially leading to unauthorized access to sensitive data and manipulation of user experiences across affected versions, specifically in releases from 3DEXPERIENCE R2022x to R2024x. Proper mitigation strategies are necessary to safeguard against such security risks.