Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from...

8.7 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Description

A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.

AI Analysis

Reflected Cross-site Scripting (XSS) vulnerability in ENOVIAvpm Web Access

Basic Information

ID CVE-2026-2101

Source 3DS

Published Feb 16, 2026 at 16:02

Affected Product

Vendor Dassault Systèmes

Product ENOVIAvpm Web Access

Version ENOVIAvpm V1R16 Golden

Affected Versions Dassault Systèmes ENOVIAvpm Web Access ENOVIAvpm V1R16 Golden
Dassault Systèmes ENOVIAvpm Web Access ENOVIAvpm V1R17 Golden
Dassault Systèmes ENOVIAvpm Web Access ENOVIAvpm V1R18 Golden
Dassault Systèmes ENOVIAvpm Web Access ENOVIAvpm V1R19 Golden

CWE Classification

CWE-79

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Dassault Systèmes

Product ENOVIAvpm Web Access

Version ENOVIAvpm V1R16 Golden, ENOVIAvpm V1R17 Golden, ENOVIAvpm V1R18 Golden, ENOVIAvpm V1R19 Golden

References

www.3ds.com /trust-center/security/security-advisories/cve-2026-2101

{
    "lastseen": "",
    "description": "A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.",
    "published": "2026-02-16T16:02:37.621Z",
    "modified": "2026-02-16T16:02:37.621Z",
    "type": "cve",
    "title": "Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19",
    "source": "3DS",
    "references": "https://www.3ds.com/trust-center/security/security-advisories/cve-2026-2101",
    "id": "CVE-2026-2101",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Dassault Syst\u00e8mes ENOVIAvpm Web Access ENOVIAvpm V1R16 Golden\nDassault Syst\u00e8mes ENOVIAvpm Web Access ENOVIAvpm V1R17 Golden\nDassault Syst\u00e8mes ENOVIAvpm Web Access ENOVIAvpm V1R18 Golden\nDassault Syst\u00e8mes ENOVIAvpm Web Access ENOVIAvpm V1R19 Golden",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ENOVIAvpm Web Access",
    "version": "ENOVIAvpm V1R16 Golden",
    "vendor": "Dassault Syst\u00e8mes",
    "ai_description": "Reflected Cross-site Scripting (XSS) vulnerability in ENOVIAvpm Web Access",
    "ai_severity": "High",
    "ai_vendor": "Dassault Syst\u00e8mes",
    "ai_product": "ENOVIAvpm Web Access",
    "ai_version": "ENOVIAvpm V1R16 Golden, ENOVIAvpm V1R17 Golden, ENOVIAvpm V1R18 Golden, ENOVIAvpm V1R19 Golden",
    "ai_score": 8.7
}

Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19_CVE-2026-2101