{“lastseen”:””,”description”:”A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can inject arbitrary JavaScript into forum posts, which is stored and executed when other users view the affected post.\\nSuccessful exploitation allows the attacker\u2019s payload to execute in the context of the victim\u2019s authenticated Altium 365 session, enabling unauthorized access to workspace data, including design files and workspace settings. Exploitation requires user interaction to view a malicious forum post.”,”published”:”2026-01-15T22:51:32.441Z”,”modified”:”2026-01-15T22:51:32.441Z”,”type”:”cve”,”title”:”Stored Cross-Site Scripting in Altium Forum Leading to Cross-Customer Data Exposure”,”source”:”Altium”,”references”:”https:\/\/www.altium.com\/platform\/security-compliance\/security-advisories”,”id”:”CVE-2026-1009″,”bulletinFamily”:””,”cwe”:[“CWE-79″,”CWE-284″],”cvelist”:null,”sourceData”:”Altium Altium Forum (Altium 365) unspecified”,”sourceHref”:””,”cvss”:{“score”:9,”severity”:”CRITICAL”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Altium Forum (Altium 365)”,”version”:”unspecified”,”vendor”:”Altium”,”ai_description”:”Stored cross-site scripting vulnerability in Altium Forum due to missing server-side input sanitization, allowing execution of arbitrary JavaScript and unauthorized access to workspace data.”,”ai_severity”:”Critical”,”ai_vendor”:”Altium”,”ai_product”:”Altium Forum (Altium 365)”,”ai_version”:”unspecified”,”ai_score”:9}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitization in forum post content. An authenticated attacker can…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[9,6,8,86,12,13,7,11,5],"class_list":["post-35938","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-critical","tag-cve","tag-cvss","tag-cvss-90","tag-exploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n