CVE-2026-9024 HIGH

CVE-2026-9024: Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x

Vendor Dassault Systèmes
Product DELMIA Service Process Engineer
Weakness CWE-79 · XSS
Published June 1, 2026
Last update June 1, 2026
View on NVD All CVEs

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.

Key dates

02Disclosure timeline

June 1, 2026 CVE published
June 1, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-37556 WordPress WordPress Notification Bar plugin <= 1.3.10 - Cross Site Scripting (XSS) vulnerability CVE-2025-2981 Legrand SMS PowerView cross site scripting CVE-2024-51708 WordPress Narnoo Commerce Manager plugin <= 1.6.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-5532 A stored XSS vulnerability has been discovered on OpenText™ Operations Agent (OA). CVE-2023-35882 WordPress Super Socializer Plugin <= 7.13.52 is vulnerable to Cross Site Scripting (XSS)