ENOVIAvpm Web Access CVE-2026-2101
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.
AnalysisAI
ENOVIAvpm Web Access versions 1.16 through 1.19 contain a reflected XSS vulnerability that allows authenticated attackers to inject and execute arbitrary JavaScript in a victim's browser session through a crafted URL. The vulnerability requires user interaction to trigger but can lead to session hijacking, credential theft, or malware distribution across the affected organization. No patch is currently available, requiring organizations to implement network-level mitigations or restrict access until a fix is released.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.
Affected ProductsAI
A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Re
RemediationAI
Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today