CVE-2026-9024
8.7 HIGHA Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DE...
Published: 2026-06-01 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 8.7 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
- CWE
- CWE-79
Description
A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-48157 — Slim is a PHP micro framework that enables users to write simple web applications and APIs (6.1 MEDIUM)
- CVE-2026-52702 — Unauthenticated Cross Site Scripting (XSS) in SEO Redirection <= 9.17 versions (7.1 HIGH)
- CVE-2026-49773 — Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions (6.5 MEDIUM)
- CVE-2026-49055 — Unauthenticated Cross Site Scripting (XSS) in Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.9.7 versions (7.1 HIGH)
- CVE-2026-48966 — Unauthenticated Cross Site Scripting (XSS) in Funnel Builder by FunnelKit <= 3.15.0.2 versions (7.1 HIGH)