CVE-2023-1996 MEDIUM

CVE-2023-1996: Reflected Cross-site Scripting (XSS) vulnerability affecting Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x

Vendor Dassault Systèmes
Product 3DEXPERIENCE
Weakness CWE-79 · XSS
Published May 19, 2023
Last update February 12, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.

Key dates

02Disclosure timeline

May 19, 2023 CVE published
February 12, 2025 Record updated