exploitDog

CVE-2025-12956

Опубликовано: 08 дек. 2025

Источник: nvd

CVSS3: 8.7

CVSS3: 5.4

EPSS Низкий

Описание

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

Ссылки

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-12956
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:3ds:3dexperience_enovia:*:*:*:*:*:*:*:*

Версия от r2022x (включая) до r2025x (включая)

EPSS

Процентиль: 11%

0.00037

Низкий

8.7 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2rh7-xqm7-m994

CVSS3: 8.7

github

2 месяца назад

A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

EPSS

Процентиль: 11%

0.00037

Низкий

8.7 High

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79