CVE-2025-27379

Medium CVSS: 6.8

A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.

Vendor

Altium

Product

On-prem Enterprise Server

CWE

CWE-79

Yayın Tarihi

2026-01-22 02:15:51

Güncelleme

2026-02-26 21:24:23

Source Identifier

4760f414-e1ae-4ff1-bdad-c7a9c3538b79

KEV Date Added

Kategoriler

CWE-79 On-prem Enterprise Server MEDIUM Altium 2026

Referanslar

https://www.altium.com/platform/security-compliance/security-advisories

Benzer Kayıtlar

High

CVE-2025-27380

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attac…

High

CVE-2025-27378

AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic f…

Medium

CVE-2025-27377

Altium Designer version 24.9.0 does not validate self-signed server certificates for cloud connections. An attacker capa…

Medium

CVE-2026-1011

A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing…

Critical

CVE-2026-1009

A stored cross-site scripting (XSS) vulnerability exists in the Altium Forum due to missing server-side input sanitizati…

High

CVE-2026-1010

A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input…