CVE-2026-2101
Received Received - Intake

Reflected XSS in ENOVIAvpm Web Access Enables Script Execution

Vulnerability report for CVE-2026-2101, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-16

Last updated on: 2026-02-16

Assigner: Dassault Systèmes

Description

A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-16
Last Modified
2026-02-16
Generated
2026-07-06
AI Q&A
2026-02-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
enoviavpm enoviavpm_web_access From 1_release_16 (inc) to 1_release_19 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2101 is a Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access versions from 1 Release 16 through 1 Release 19.'}, {'type': 'paragraph', 'content': "This vulnerability allows an attacker to execute arbitrary script code within the user's browser session when interacting with the affected versions."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "An attacker exploiting this vulnerability can execute arbitrary scripts in the context of the user's browser session."}, {'type': 'paragraph', 'content': 'This can lead to theft of sensitive information, session hijacking, or performing actions on behalf of the user without their consent.'}, {'type': 'paragraph', 'content': 'The vulnerability is rated with a high severity score (CVSS 8.7), indicating a significant impact on confidentiality and integrity.'}] [1]

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2101. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart