{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-27380", "assignerOrgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "state": "PUBLISHED", "assignerShortName": "Altium", "dateReserved": "2025-02-23T21:02:12.105Z", "datePublished": "2026-01-22T01:28:24.200Z", "dateUpdated": "2026-01-22T18:55:23.707Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["web"], "product": "AES", "vendor": "Altium", "versions": [{"changes": [{"at": "7.0.6", "status": "unaffected"}], "lessThanOrEqual": "7.0.5", "status": "affected", "version": "7.0.3", "versionType": "semver"}]}], "datePublic": "2025-04-05T00:28:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim\u2019s browser via crafted HTML content.<br>"}], "value": "HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim\u2019s browser via crafted HTML content."}], "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 \u2013 Cross-Site Scripting"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 \u2013 Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "shortName": "Altium", "dateUpdated": "2026-01-22T01:29:16.784Z"}, "references": [{"url": "https://www.altium.com/platform/security-compliance/security-advisories"}], "source": {"discovery": "UNKNOWN"}, "title": "HTML Injection Leading to Script Execution in Altium Enterprise Server", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-22T18:47:19.951599Z", "id": "CVE-2025-27380", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T18:55:23.707Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-22T18:47:19.951599Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-22T18:55:16.756Z"}}], "cna": {"title": "HTML Injection Leading to Script Execution in Altium Enterprise Server", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-63", "descriptions": [{"lang": "en", "value": "CAPEC-63 \u2013 Cross-Site Scripting"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Altium", "product": "AES", "versions": [{"status": "affected", "changes": [{"at": "7.0.6", "status": "unaffected"}], "version": "7.0.3", "versionType": "semver", "lessThanOrEqual": "7.0.5"}], "platforms": ["web"], "defaultStatus": "unaffected"}], "datePublic": "2025-04-05T00:28:00.000Z", "references": [{"url": "https://www.altium.com/platform/security-compliance/security-advisories"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim\u2019s browser via crafted HTML content.", "supportingMedia": [{"type": "text/html", "value": "HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim\u2019s browser via crafted HTML content.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 \u2013 Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting)"}]}], "providerMetadata": {"orgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "shortName": "Altium", "dateUpdated": "2026-01-22T01:29:16.784Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27380", "state": "PUBLISHED", "dateUpdated": "2026-01-22T18:55:23.707Z", "dateReserved": "2025-02-23T21:02:12.105Z", "assignerOrgId": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "datePublished": "2026-01-22T01:28:24.200Z", "assignerShortName": "Altium"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim\u2019s browser via crafted HTML content."}], "id": "CVE-2025-27380", "lastModified": "2026-01-22T02:15:51.310", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "type": "Secondary"}]}, "published": "2026-01-22T02:15:51.310", "references": [{"source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "url": "https://www.altium.com/platform/security-compliance/security-advisories"}], "sourceIdentifier": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "4760f414-e1ae-4ff1-bdad-c7a9c3538b79", "type": "Secondary"}]}

{}