Altium Enterprise Server HTML Injection Vulnerability Allowing Cross-Site Scripting

Vulnerability

A HTML injection vulnerability has been identified in Altium Enterprise Server (AES) version 7.0.3, across all platforms. This vulnerability allows authenticated attackers to execute arbitrary JavaScript in the browsers of victims by using crafted HTML content. The issue arises from inadequate input sanitization, which fails to remove potentially harmful HTML before it is displayed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected JavaScript is executed in the context of the user viewing the affected content.

Added: Jan 22, 2026, 2:20 AM

Updated: Jan 22, 2026, 2:20 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

2.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Altium Enterprise Server HTML Injection Vulnerability Allowing Cross-Site Scripting

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating