{"api_version":"1","generated_at":"2026-06-03T09:30:04+00:00","cve":"CVE-2026-9024","urls":{"html":"https://cve.report/CVE-2026-9024","api":"https://cve.report/api/cve/CVE-2026-9024.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-9024","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-9024"},"summary":{"title":"Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x","description":"A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.","state":"PUBLISHED","assigner":"3DS","published_at":"2026-06-01 09:16:21","updated_at":"2026-06-01 17:57:39"},"problem_types":["CWE-79","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":[{"version":"3.1","source":"3DS.Information-Security@3ds.com","type":"Secondary","score":"8.7","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.7","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://www.3ds.com/trust-center/security/security-advisories/cve-2026-9024","name":"https://www.3ds.com/trust-center/security/security-advisories/cve-2026-9024","refsource":"3DS.Information-Security@3ds.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-9024","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-9024","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Dassault Systèmes","product":"DELMIA Service Process Engineer","version":"affected Release 3DEXPERIENCE R2024x Golden 3DEXPERIENCE R2024x FP.CFA.2537 custom","platforms":[]},{"source":"CNA","vendor":"Dassault Systèmes","product":"DELMIA Service Process Engineer","version":"affected Release 3DEXPERIENCE R2025x Golden 3DEXPERIENCE R2025x FP.CFA.2541 custom","platforms":[]},{"source":"CNA","vendor":"Dassault Systèmes","product":"DELMIA Service Process Engineer","version":"affected Release 3DEXPERIENCE R2026x Golden","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"9024","cve":"CVE-2026-9024","epss":"0.000320000","percentile":"0.098650000","score_date":"2026-06-02","updated_at":"2026-06-03 00:08:15"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-9024","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-01T13:06:09.902286Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-01T13:06:19.522Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"DELMIA Service Process Engineer","vendor":"Dassault Systèmes","versions":[{"lessThanOrEqual":"3DEXPERIENCE R2024x FP.CFA.2537","status":"affected","version":"Release 3DEXPERIENCE R2024x Golden","versionType":"custom"},{"lessThanOrEqual":"3DEXPERIENCE R2025x FP.CFA.2541","status":"affected","version":"Release 3DEXPERIENCE R2025x Golden","versionType":"custom"},{"status":"affected","version":"Release 3DEXPERIENCE R2026x Golden"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session."}],"value":"A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-01T08:21:06.579Z","orgId":"f5a594e6-46a7-4e60-8a08-0a786e70e433","shortName":"3DS"},"references":[{"url":"https://www.3ds.com/trust-center/security/security-advisories/cve-2026-9024"}],"source":{"discovery":"EXTERNAL"},"title":"Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x","x_generator":{"engine":"Vulnogram 0.1.0-dev"}}},"cveMetadata":{"assignerOrgId":"f5a594e6-46a7-4e60-8a08-0a786e70e433","assignerShortName":"3DS","cveId":"CVE-2026-9024","datePublished":"2026-06-01T08:21:06.579Z","dateReserved":"2026-05-19T15:19:39.513Z","dateUpdated":"2026-06-01T13:06:19.522Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-01 09:16:21","lastModifiedDate":"2026-06-01 17:57:39","problem_types":["CWE-79","CWE-79 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"],"metrics":{"cvssMetricV31":[{"source":"3DS.Information-Security@3ds.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":5.8}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"9024","Ordinal":"1","Title":"Stored Cross-site Scripting (XSS) vulnerability affecting Proces","CVE":"CVE-2026-9024","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"9024","Ordinal":"1","NoteData":"A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.","Type":"Description","Title":"Stored Cross-site Scripting (XSS) vulnerability affecting Proces"}]}}}