CVE-2025-10554 HIGH

CVE-2025-10554: Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x

Vendor Dassault Systèmes
Product ENOVIA Product Manager
Weakness CWE-79 · XSS
Published November 24, 2025
Last update November 24, 2025
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

Key dates

02Disclosure timeline

November 24, 2025 CVE published
November 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-4470 SourceCodester Online Student Clearance System add-student.php cross site scripting CVE-2026-2384 Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-30614 Improper Neutralization of Script-Related HTML Tags in a Web Page in pay CVE-2026-1575 Schema Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-8783 Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title'