# CVE-2024-6380

Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

**Published**
2024-10-16

**Updated**
-

**Description**
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session.

**Affected Products**
ENOVIA Collaborative Industry Innovator

**Affected Versions**
From Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x

**Severity**
High

Go to Dassault Systèmes Security Advisories

[Security Advisories](/trust-center/security/security-advisories)

[   Go to CVE record  ](https://www.cve.org/CVERecord?id=CVE-2024-6380)

[   Access remediation information     ](https://support.3ds.com/knowledge-base/?q=docid%3AQA00000367468)