Fusion
Monthly
Stored XSS in Autodesk Fusion allows attackers to inject malicious HTML into component descriptions that executes when users click the payload, enabling local file theft or arbitrary code execution on affected systems. The vulnerability requires user interaction and local access but carries high impact due to the ability to compromise the desktop application's security context. A patch is available for remediation.
Stored XSS in Autodesk Fusion allows attackers to inject malicious HTML into part attributes that executes when users interact with crafted files, potentially enabling local file access or arbitrary code execution. This desktop application vulnerability requires user interaction but can compromise system integrity through malicious file sharing. A patch is available.
Stored XSS in Autodesk Fusion's design name field allows attackers to inject malicious HTML that executes when users view the delete confirmation dialog, potentially enabling arbitrary code execution or local file access on affected systems. An attacker must first craft a malicious design name that gets stored in the application, then socially engineer a user to interact with the deletion prompt to trigger the payload. A patch is available to address this vulnerability.
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.
Stored XSS in Autodesk Fusion allows attackers to inject malicious HTML into component descriptions that executes when users click the payload, enabling local file theft or arbitrary code execution on affected systems. The vulnerability requires user interaction and local access but carries high impact due to the ability to compromise the desktop application's security context. A patch is available for remediation.
Stored XSS in Autodesk Fusion allows attackers to inject malicious HTML into part attributes that executes when users interact with crafted files, potentially enabling local file access or arbitrary code execution. This desktop application vulnerability requires user interaction but can compromise system integrity through malicious file sharing. A patch is available.
Stored XSS in Autodesk Fusion's design name field allows attackers to inject malicious HTML that executes when users view the delete confirmation dialog, potentially enabling arbitrary code execution or local file access on affected systems. An attacker must first craft a malicious design name that gets stored in the application, then socially engineer a user to interact with the deletion prompt to trigger the payload. A patch is available to address this vulnerability.
A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowing VM administrators to leak memory from the VMX process on the host.