CVE-2025-4985 – “3DEXPERIENCE Project Portfolio Manager Stored XSS Vulnerability”

May 30, 2025

CVE ID : CVE-2025-4985

Published : May 30, 2025, 3:15 p.m. | 1 hour, 44 minutes ago

Description : A stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user’s browser session.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4992 – “Service Process Engineer XSS Vulnerability”

Next Article CVE-2025-3611 – Mattermost System Manager Access Control Enforcement Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

The Witcher 4 looks absolutely amazing in UE5 technical presentation at State of Unreal 2025

Razer’s having another go at making it so you never have to charge your wireless gaming mouse, and this time it might have nailed it

Alienware’s rumored laptop could be the first to feature NVIDIA’s revolutionary Arm-based APU

easy-live2d – About Make your Live2D as easy to control as a pixi sprite! Live2D Web SDK based on Pixi.js.

easy-live2d – About Make your Live2D as easy to control as a pixi sprite! Live2D Web SDK based on Pixi.js.

From Kitchen To Conversion

Perficient Included in Forrester’s AI Technical Services Landscape, Q2 2025

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

SteelSeries reveals new Arctis Nova 3 Wireless headset series for Xbox, PlayStation, Nintendo Switch, and PC

The Witcher 4 looks absolutely amazing in UE5 technical presentation at State of Unreal 2025

Razer’s having another go at making it so you never have to charge your wireless gaming mouse, and this time it might have nailed it

CVE-2025-4985 – “3DEXPERIENCE Project Portfolio Manager Stored XSS Vulnerability”

Actively Exploited Qualcomm GPU Zero-Days Added to CISA’s KEV Catalog

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Appium2 + iOS app : Appium inspector is not loading to inspect elements for iOS after upgrading to macOS Sequoia

Google Cloud: Driving digital transformation

Released: MITRE ATT&CK v17.0, now with ESXi attack TTPs

Love Metaphor: ReFantazio? HYTE has a new PC case and accessories for you.

MALT (Mesoscopic Almost Linearity Targeting): A Novel Adversarial Targeting Method based on Medium-Scale Almost Linearity Assumptions

CVE-2025-1327 – “Homey WordPress Theme Insecure Direct Object Reference Vulnerability”

Why would StringUtils return the incorrect # of matches of a substring?

CVE-2025-4219 – WordPress DPEPress Stored Cross-Site Scripting

CVE-2025-4985 – “3DEXPERIENCE Project Portfolio Manager Stored XSS Vulnerability”

Related Posts