CVE-2025-10551
Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x
CVSS Score
8.7
EPSS Score
0.0%
EPSS Percentile
9th
A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
| CWE | CWE-79 |
| Vendor | dassault systèmes |
| Product | enovia collaborative industry innovator |
| Published | Mar 31, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for dassault systèmes enovia collaborative industry innovator
Be the first to know when new high vulnerabilities affecting dassault systèmes enovia collaborative industry innovator are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None
Affected Versions
Dassault Systèmes / ENOVIA Collaborative Industry Innovator
Release 3DEXPERIENCE R2023x Golden ≤ Release 3DEXPERIENCE R2023x.FP.CFA.2541 Release 3DEXPERIENCE R2024x Golden ≤ Release 3DEXPERIENCE R2024x.FP.CFA.2537 Release 3DEXPERIENCE R2025x Golden ≤ Release 3DEXPERIENCE R2025x.FP.CFA.2514