On Prem Enterprise Server
CVE-2025-27379
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H
Lifecycle Timeline
2DescriptionCVE.org
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.
AnalysisAI
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content. [CVSS 6.8 MEDIUM]
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects On-Prem Enterprise Server. A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in On Prem Enterprise Server
View allUnauthenticated arbitrary file write and read in the Network Installation Service (NIS) component of Altium Enterprise S
Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured s
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic f
Stored XSS in Altium Workflow Engine allows authenticated users to inject malicious scripts into workflow forms that exe
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attac
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today