CVE-2025-27380

Published: Jan 22, 2026Modified: Feb 26, 2026

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Exploitability: 2.3 / Impact: 4.7

Source: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79 (Secondary)

Description

HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.

Affected (1)

Products: Altium: On Prem Enterprise Server

Altium

1 product

On Prem Enterprise Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Altium On Prem Enterprise Server	From 7.0.3 to 7.0.6

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (1)

https://www.altium.com/platform/security-compliance/security-advisories

Source: 4760f414-e1ae-4ff1-bdad-c7a9c3538b79

Vendor Advisory

Timeline

No history available yet.