Altium 365 Stored Cross-Site Scripting Vulnerability in User Profile Text Fields

Vulnerability

A stored cross-site scripting vulnerability has been identified in Altium 365 user profile text fields. This issue arises from inadequate server-side input sanitization, which enables authenticated users to inject arbitrary HTML and JavaScript payloads. The vulnerability exploits whitespace-based attribute parsing bypass techniques. Once injected, the payload is persisted and executed when other users view the affected profile page. This could lead to session token theft, phishing attacks, or malicious redirects. Exploitation requires an authenticated account and user interaction to view the modified profile.

Impact

Successful exploitation allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the profile.

Added: Jan 15, 2026, 11:21 PM

Updated: Jan 16, 2026, 1:00 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

5.0

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Altium 365 Stored Cross-Site Scripting Vulnerability in User Profile Text Fields

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating