CVE-2024-7939

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.
References
Link Resource
https://www.3ds.com/vulnerability/advisories Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:3ds:3dexperience:r2024x:*:*:*:*:*:*:*

History

13 Sep 2024, 07:15

Type Values Removed Values Added
Summary (en) A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. (en) A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

04 Sep 2024, 14:54

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.7
v2 : unknown
v3 : 5.4
CPE cpe:2.3:a:3ds:3dexperience:r2024x:*:*:*:*:*:*:*
References () https://www.3ds.com/vulnerability/advisories - () https://www.3ds.com/vulnerability/advisories - Vendor Advisory
First Time 3ds
3ds 3dexperience

03 Sep 2024, 12:59

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de Cross-site Scripting (XSS) Almacenado que afecta a 3DSwym en la versión 3DSwymer en 3DEXPERIENCE R2024x permite a un atacante ejecutar código de script arbitrario en la sesión del navegador del usuario.

02 Sep 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-02 12:15

Updated : 2024-09-13 07:15


NVD link : CVE-2024-7939

Mitre link : CVE-2024-7939

CVE.ORG link : CVE-2024-7939


JSON object : View

Products Affected

3ds

  • 3dexperience
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')