CVE-2025-4985 – “3DEXPERIENCE Project Portfolio Manager Stored XSS Vulnerability”

May 30, 2025

CVE ID : CVE-2025-4985

Published : May 30, 2025, 3:15 p.m. | 1 hour, 44 minutes ago

Description : A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user’s browser session.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4992 – “Service Process Engineer XSS Vulnerability”

Next Article CVE-2025-3611 – Mattermost System Manager Access Control Enforcement Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

CodeSOD: Integral to a Database Read

Players aren’t buying Call of Duty’s “error” excuse for the ads Activision started forcing into the game’s menus recently

In Sam Altman’s world, the perfect AI would be “a very tiny model with superhuman reasoning capabilities” for any context

Sam Altman’s ouster from OpenAI was so dramatic that it’s apparently becoming a movie — Will we finally get the full story?

One of Microsoft’s biggest hardware partners joins its “bold strategy, Cotton” moment over upgrading to Windows 11, suggesting everyone just buys a Copilot+ PC

Enable Flexible Pattern Matching with Laravel’s Case-Insensitive Str::is Method

Enable Flexible Pattern Matching with Laravel’s Case-Insensitive Str::is Method

Laravel OpenRouter

This Week in Laravel: Starter Kits, Alpine, PDFs and Roles/Permissions

FOSS Weekly #25.23: Helwan Linux, Quarkdown, Konsole Tweaks, Keyboard Shortcuts and More Linux Stuff

FOSS Weekly #25.23: Helwan Linux, Quarkdown, Konsole Tweaks, Keyboard Shortcuts and More Linux Stuff

Grow is a declarative website generator

Raspberry Pi 5 Desktop Mini PC: Benchmarking

CVE-2025-4985 – “3DEXPERIENCE Project Portfolio Manager Stored XSS Vulnerability”

Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud

How Falcon Next-Gen SIEM Protects Enterprises from VMware vCenter Attacks

CVE-2025-5447 – Linksys Wireless Router OS Command Injection Vulnerability

Resticker runs automatic restic backups

CVE-2025-43955 – Convertigo TwsCachedXPathAPI Commons-JXPath API Deserialization Vulnerability

Meta ditches fact checking for community notes – just like on X

This simple (and actually useful) AI tool is my favorite new Pixel feature (it’s in iOS 18, too)

Scalable Design: Creating Graphics That Grow With Your Brand

Stop targeting Russian hackers, Trump administration orders US Cyber Command

CVE-2024-13929 – ASPECT Servlet Injection Remote Code Execution Vulnerability

CVE-2025-4985 – “3DEXPERIENCE Project Portfolio Manager Stored XSS Vulnerability”

Related Posts