CVE-2026-9024
Received Received - Intake
Stored XSS in DELMIA Process Experience Studio

Publication date: 2026-06-01

Last updated on: 2026-06-01

Assigner: Dassault Systèmes

Description
A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2026x could allow an attacker to execute arbitrary script code in user's browser session.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-01
Generated
2026-06-01
AI Q&A
2026-06-01
EPSS Evaluated
N/A
NVD
CVE-2026-9024
EUVD
EUVD-2026-33604
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dassault_systèmes delmia_service_process_engineer From 3DEXPERIENCE_R2024x (inc) to 3DEXPERIENCE_R2026x (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :

This vulnerability can have a high impact as it allows attackers to execute arbitrary scripts in the context of a user's browser session.

  • Attackers could steal sensitive information such as session tokens or personal data.
  • It could lead to unauthorized actions performed on behalf of the user.
  • The vulnerability could be used to deliver malicious payloads or redirect users to malicious sites.

Can you explain this vulnerability to me?

CVE-2026-9024 is a Stored Cross-site Scripting (XSS) vulnerability that affects the Process Experience Studio component in DELMIA Service Process Engineer. This vulnerability exists in releases from 3DEXPERIENCE R2024x through 3DEXPERIENCE R2026x.

An attacker exploiting this vulnerability can inject and execute arbitrary script code within a user's browser session when interacting with the affected software.


What immediate steps should I take to mitigate this vulnerability?

This vulnerability is a Stored Cross-site Scripting (XSS) affecting Process Experience Studio in DELMIA Service Process Engineer from 3DEXPERIENCE R2024x through R2026x.

To mitigate this vulnerability, you should refer to the remediation information provided by Dassault Systèmes in their security advisories. Applying any available patches or updates for the affected releases is recommended to prevent exploitation.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart