Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x_CVE-2025-10554

{
    "lastseen": "",
    "description": "A stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.",
    "published": "2025-11-24T15:31:39.739Z",
    "modified": "2025-11-24T17:59:51.057Z",
    "type": "cve",
    "title": "Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x",
    "source": "3DS",
    "references": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10554",
    "id": "CVE-2025-10554",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Dassault Syst\u00e8mes ENOVIA Product Manager Release 3DEXPERIENCE R2023x Golden\nDassault Syst\u00e8mes ENOVIA Product Manager Release 3DEXPERIENCE R2024x Golden\nDassault Syst\u00e8mes ENOVIA Product Manager Release 3DEXPERIENCE R2025x Golden",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ENOVIA Product Manager",
    "version": "Release 3DEXPERIENCE R2023x Golden",
    "vendor": "Dassault Syst\u00e8mes",
    "ai_description": "Stored Cross-site Scripting (XSS) vulnerability in ENOVIA Product Manager",
    "ai_severity": "High",
    "ai_vendor": "Dassault Syst\u00e8mes",
    "ai_product": "ENOVIA Product Manager",
    "ai_version": "Release 3DEXPERIENCE R2023x, Release 3DEXPERIENCE R2024x, Release 3DEXPERIENCE R2025x",
    "ai_score": 8.7
}