exploitDog

CVE-2025-27379

Опубликовано: 22 янв. 2026

Источник: nvd

CVSS3: 6.8

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.

Ссылки

https://www.altium.com/platform/security-compliance/security-advisories

EPSS

Процентиль: 10%

0.00035

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-w5qj-7xqm-q39c

CVSS3: 6.8

github

17 дней назад

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.

EPSS

Процентиль: 10%

0.00035

Низкий

6.8 Medium

CVSS3

Дефекты

CWE-79