Altium On-Prem Enterprise Server 8.0.1
Approved changes feed: RSS · Atom
cpe:2.3:a:altium:on-prem_enterprise_server:8.0.1:*:*:*:*:*:*:*
part: a version: 8.0.1 update: *
| Vendor | Altium (0a2f714e-ee70-5e20-8e9c-1ce76de9fcfe) |
|---|---|
| Product | On Prem Enterprise Server (c62c47f8-d67e-5f20-93b7-c39c9fd5636e) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-1010 |
vulnerable | 2026-06-08 07:47:14.234656 |
Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation
HIGH (8)
A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data.
When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions.
Published: 2026-01-15T23:00:18.163Z
Updated: 2026-02-05T22:07:23.193Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.