ENOVIA Collaborative Industry Innovator Stored XSS Vulnerability (CVE-2025-10551)
A stored cross-site scripting (XSS) vulnerability in ENOVIA Collaborative Industry Innovator allows an attacker to execute arbitrary script code in a user's browser session by injecting malicious code into document management functions.
CVE-2025-10551 is a stored XSS vulnerability affecting the Document Management feature within ENOVIA Collaborative Industry Innovator. This vulnerability exists in versions from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x. A successful exploit allows an attacker to inject malicious JavaScript code into the application, which is then executed within the browser of any user who interacts with the compromised data. This poses a significant risk to data confidentiality and…
Detection coverage 2
Detect Suspicious URI Containing HTML Script Tags
highDetects suspicious URI requests that contain HTML script tags, potentially indicating XSS attacks.
Detect Suspicious URI Containing Base64 Encoded Script Tags
highDetects suspicious URI requests that contain base64 encoded HTML script tags, potentially indicating XSS attacks.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1
url