On Prem Enterprise Server
CVE-2025-27380
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
AnalysisAI
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content. [CVSS 7.6 HIGH]
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects On-Prem Enterprise Server. HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
More in On Prem Enterprise Server
View allUnauthenticated arbitrary file write and read in the Network Installation Service (NIS) component of Altium Enterprise S
Arbitrary file write in the Altium Enterprise Server Vault Service allows authenticated users to escape the configured s
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic f
Stored XSS in Altium Workflow Engine allows authenticated users to inject malicious scripts into workflow forms that exe
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today