CVE-2026-2101

Summary

A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesENOVIAvpm Web AccessENOVIAvpm V1R16 Golden <= ENOVIAvpm V1R16 SP6affected
Dassault SystèmesENOVIAvpm Web AccessENOVIAvpm V1R17 Golden <= ENOVIAvpm V1R17 SP5affected
Dassault SystèmesENOVIAvpm Web AccessENOVIAvpm V1R18 Golden <= ENOVIAvpm V1R18 SP3affected
Dassault SystèmesENOVIAvpm Web AccessENOVIAvpm V1R19 Golden <= ENOVIAvpm V1R19 SP1affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References