CVE-2026-1009
A · A stored Multiple Products
A critical vulnerability has been identified in the Altium Forum component of multiple A stored products.
Executive summary
A critical vulnerability has been identified in the Altium Forum component of multiple A stored products. This flaw allows an authenticated attacker to inject malicious code into a forum post, which can lead to the compromise of other users' accounts and the theft of sensitive workspace data, including design files, when they view the malicious post.
Vulnerability
A stored cross-site scripting (XSS) vulnerability exists because the server fails to properly sanitize user-supplied content within forum posts. An authenticated attacker can create a forum post containing a malicious JavaScript payload. When another user views this post, the payload is executed by the victim's web browser in the context of their authenticated Altium 365 session, granting the attacker the same permissions as the victim.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9. Successful exploitation could lead to significant business consequences, including the compromise of user accounts, unauthorized access to and exfiltration of sensitive intellectual property such as proprietary design files, and the potential for unauthorized modification of critical workspace settings. The primary risks to the organization are data breaches, loss of competitive advantage through intellectual property theft, and reputational damage.
Remediation
Immediate Action: Prioritize and apply the vendor-supplied security updates to all affected "A stored Multiple Products" instances immediately. After patching, review web server and application access logs for any signs of exploitation attempts that may have occurred before the update was applied.
Proactive Monitoring: Implement enhanced monitoring of the Altium Forum application logs. Specifically, search for submissions containing suspicious HTML tags (e.g., <script>, <iframe>, <img>) or JavaScript event handlers (e.g., onerror, onload). Monitor for unusual account activity, such as data access from anomalous IP addresses or atypical session times, which could indicate a compromised account.
Compensating Controls: If immediate patching is not feasible, consider implementing a Web Application Firewall (WAF) with a robust XSS detection rule set to block malicious payloads. Additionally, advise users to exercise caution when viewing forum posts from unknown or untrusted sources as a temporary mitigation measure.
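The log-monitoring step under Proactive Monitoring, as an added example that is not part of this advisory or of any Altium product: a small Python scanner that decodes form-encoded forum submissions and flags the tags and event handlers the advisory names. The log line format, field names, usernames and timestamps are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from any real Altium deployment):
# one record per forum submission, post body sent as a form-encoded field.
SAMPLE_LOG = """\
2026-01-10T08:14:02Z user=alice action=forum.post body=Has+anyone+routed+a+4-layer+board+with+this+stackup%3F
2026-01-10T08:15:47Z user=mallory action=forum.post body=%3Cimg+src%3Dx+onerror%3D%22alert(1)%22%3E+Nice+layout%21
2026-01-10T08:16:10Z user=bob action=forum.post body=Check+the+%3Cb%3Eimpedance%3C%2Fb%3E+calc+first
2026-01-10T08:17:33Z user=mallory action=forum.post body=%3Cscript+src%3D%22https%3A%2F%2Fexample.invalid%2Fx.js%22%3E%3C%2Fscript%3E
2026-01-10T08:18:05Z user=carol action=forum.post body=I+use+onerror+handlers+in+my+JS+all+the+time
"""

# Tags the advisory names (<script>, <iframe>, <img>) plus other script-bearing elements.
# The handler pattern only fires on an on...= attribute inside a tag, so prose mentioning "onerror" is not flagged.
SUSPECT_TAGS = ("script", "iframe", "img", "svg", "object", "embed")
TAG_RE = re.compile(r"<\s*(%s)\b" % "|".join(SUSPECT_TAGS), re.IGNORECASE)
HANDLER_RE = re.compile(r"<[^>]*\bon[a-z]+\s*=", re.IGNORECASE)
JS_URI_RE = re.compile(r"javascript\s*:", re.IGNORECASE)
LINE_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) body=(?P<body>\S*)$")

def classify_post(body: str) -> list:
    """Return the reasons a decoded post body looks like an injection attempt."""
    reasons = []
    if TAG_RE.search(body):
        reasons.append("suspicious tag")
    if HANDLER_RE.search(body):
        reasons.append("inline event handler")
    if JS_URI_RE.search(body):
        reasons.append("javascript: URI")
    return reasons

def scan_log(text: str) -> list:
    """Parse forum.post records, decode the form-encoded body, and flag suspects."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["action"] != "forum.post":
            continue
        body = unquote_plus(m["body"])  # decode before matching, or %3Cscript%3E slips past
        reasons = classify_post(body)
        if reasons:
            hits.append({"ts": m["ts"], "user": m["user"], "reasons": reasons, "body": body})
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['user']}: {', '.join(hit['reasons'])} -> {hit['body']!r}")
```

Only the two posts carrying a script-bearing tag are flagged; the harmless `<b>` markup and the plain-text mention of "onerror" are not, which keeps the rule usable as a triage filter rather than a noise source.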
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical CVSS score of 9 and the direct risk of intellectual property theft, it is imperative that the organization takes immediate action. We strongly recommend applying the vendor's patch to all affected systems without delay. Although this vulnerability is not currently on the CISA KEV list, its high severity warrants treating it with the highest priority for remediation to prevent potential data breaches and account compromise.