CVE-2025-4984

HIGH

City Discover - XSS

Title source: llm

Description

A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

Exploits (1)

github WORKING POC 64 stars

by Yuri08loveElaina · pythonpoc

https://github.com/Yuri08loveElaina/CVE-2025-49844

View Code ZIP pw:eip

References (1)

[Various Sources] https://www.3ds.com/vulnerability/advisories

Scores

CVSS v3 8.7

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Details

CWE

CWE-79

Status published

Products (1)

Dassault Systèmes/City Referential Manager Release 3DEXPERIENCE R2025x Golden

Published May 30, 2025

Tracked Since Feb 18, 2026