- Description
- A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
- Source
- 3DS.Information-Security@3ds.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.7
- Impact score
- 5.8
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
- Severity
- HIGH
- 3DS.Information-Security@3ds.com
- CWE-79
- Hype score
- Not currently trending
CVE-2025-4992 A stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPE… https://t.co/lOnLEJpEU2
@CVEnew
30 May 2025
289 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-4992: HIGH] Critical flaw in Service Process Engineer from Release 3DEXPERIENCE R2024x to R2025x exposes users to stored XSS attacks, enabling hackers to run malicious scripts in browsers. #cybersecu...#cve,CVE-2025-4992,#cybersecurity https://t.co/1mWwgIrdGI https://t.
@CveFindCom
30 May 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes