← Back

On Prem Enterprise Server

on-prem_enterprise_server

Vendor: Altium • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-27380
1Altium
1On Prem Enterprise Server
Feb 26, 2026
Jan 22, 2026
N/A· v4
7.6 HIGH· v3
N/A· v2
HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted HTML content.
CVE-2025-27379
1Altium
1On Prem Enterprise Server
Feb 26, 2026
Jan 22, 2026
N/A· v4
4.6 MEDIUM· v3
N/A· v2
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when th...Show more
A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a schematic, which is executed when the BOM Viewer renders the affected content.Show less
CVE-2025-27378
1Altium
1On Prem Enterprise Server
Feb 26, 2026
Jan 22, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled,...Show more
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries.Show less
CVE-2026-1010
1Altium
1On Prem Enterprise Server
Jan 23, 2026
Jan 15, 2026
N/A· v4
5.4 MEDIUM· v3
N/A· v2
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary Jav...Show more
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions.Show less