Delmia Apriso
CVE-2023-2139
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.
AnalysisAI
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. Affected products include: 3Ds Delmia Apriso.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Delmia Apriso
View allDELMIA Apriso contains a missing authorization vulnerability allowing attackers to gain privileged access to the manufac
Dassault Systemes DELMIA Apriso (releases 2020-2025) contains an unauthenticated deserialization vulnerability (CVE-2025
DELMIA Apriso from Release 2020 through 2025 contains a code injection vulnerability allowing attackers to execute arbit
Authentication bypass in Dassault Systèmes DELMIA Apriso (Release 2020 through Release 2026) lets remote unauthenticated
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authenticati
Insertion of Sensitive Information into Log File vulnerabilities are affecting DELMIA Apriso Release 2019 through Releas
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenti
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today