CVE-2025-10558

Tags: stored · Multiple Products

A high-severity stored Cross-site Scripting (XSS) vulnerability has been identified in the 3DSearch component of the 3DSwymer application.

Executive summary

This flaw allows an attacker to inject malicious script that is stored on the server and executes in the web browser of any user who views the compromised content. Successful exploitation could lead to user account takeover, theft of sensitive session data, and redirection to malicious websites, posing a significant risk to data integrity and user security.

Vulnerability

This is a stored Cross-site Scripting (XSS) vulnerability. The 3DSearch component within the 3DSwymer application fails to properly sanitize user-supplied input before storing it in the backend database. An authenticated attacker can submit a crafted payload containing malicious JavaScript code to a data field processed by the search function. When another user performs an action that retrieves and displays this stored data, the malicious script executes within the context of that user's browser session, granting the attacker the same permissions as the victim user.

Business impact

This vulnerability is rated as High severity with a CVSS score of 8.7. Exploitation could have a significant negative impact on the business by compromising the confidentiality and integrity of sensitive corporate data managed within the 3DEXPERIENCE platform, such as intellectual property, design schematics, and project details. An attacker could hijack user sessions to exfiltrate data, manipulate information, or pivot to other systems. The potential for account compromise, data theft, and application defacement poses a direct threat to operational continuity and could result in reputational damage and financial loss.

Remediation

Immediate Action: Apply the security updates released by the vendor to all affected instances of the 3DEXPERIENCE platform without delay. After patching, review access and application logs for any signs of compromise or of exploitation attempts that may have occurred prior to remediation.

Proactive Monitoring: Monitor application logs for suspicious user-submitted content, specifically looking for HTML tags like <script>, <iframe>, or JavaScript event handlers (e.g., onerror, onload) within search fields or other user-controllable data. Network monitoring should be configured to detect and alert on unusual outbound connections from client browsers to unknown domains, which could indicate data exfiltration.
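As an added illustration of the log monitoring described above (example code, not from the vendor or this advisory), the following Python script flags access-log requests whose search parameter carries the tag or event-handler markers named here, after undoing the URL and entity encoding a payload may hide behind. The /3dsearch path, the parameter names and the log lines are constructed assumptions, not the product's real interface.

```python
import html
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Markers named in the monitoring guidance: script/iframe tags and inline
# event handlers (illustrative list), matched case-insensitively after decoding.
XSS_MARKERS = re.compile(
    r"<\s*(script|iframe)\b|\bon(error|load|click|mouseover)\s*=",
    re.IGNORECASE,
)
# Query parameters assumed to feed the search endpoint (hypothetical names).
WATCHED_PARAMS = {"q", "query", "search"}
# Combined log format: ip - user [time] "METHOD path HTTP/x" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def normalize(value: str) -> str:
    # parse_qsl already URL-decoded once; a second unquote catches
    # double-encoded input and html.unescape catches entity-encoded tags.
    return html.unescape(unquote(value))


def flag_line(line: str):
    """Return (client_ip, param, marker) when a watched search parameter
    carries an XSS marker, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _method, path, _status = m.groups()
    for name, raw in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        if name in WATCHED_PARAMS:
            hit = XSS_MARKERS.search(normalize(raw))
            if hit:
                return (ip, name, hit.group(0))
    return None


def scan(lines):
    return [f for f in map(flag_line, lines) if f]


# Constructed sample lines (not real traffic). The first is a benign query
# containing '<' that must not be flagged; the third is double-URL-encoded.
SAMPLE_LOG = [
    '203.0.113.5 - alice [01/Oct/2025:10:00:01 +0000] "GET /3dsearch?q=bolt%20size%20%3C%2010mm HTTP/1.1" 200 512',
    '203.0.113.7 - bob [01/Oct/2025:10:00:02 +0000] "POST /3dsearch?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 128',
    '203.0.113.9 - carol [01/Oct/2025:10:00:03 +0000] "GET /3dsearch?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 128',
]
```

Running `scan(SAMPLE_LOG)` flags the second and third requests and leaves the benign comparison query alone; a match is a triage lead, not proof of compromise, since the stored payload is what actually needs to be confirmed and removed.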

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rules specifically designed to detect and block common XSS payloads. Enforce a stricter Content Security Policy (CSP) on the web server to limit the browser's ability to execute untrusted inline scripts. Conduct user awareness training so that employees report any unexpected application behavior or pop-ups.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.7, this vulnerability presents a critical risk and must be addressed with urgency. The primary recommendation is to apply the vendor-provided security patches immediately to all vulnerable systems. While this CVE is not currently listed on the CISA KEV catalog, its severity makes it a prime candidate for future inclusion. If patching is delayed for any reason, the compensating controls outlined above should be implemented as a temporary risk-mitigation measure.