Altium Forum Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Altium Forum, stemming from inadequate server-side input sanitization in forum post content. This vulnerability allows authenticated attackers to inject arbitrary JavaScript into posts, which is then executed when other users view the affected content. The execution occurs within the context of the victim's authenticated Altium 365 session, potentially granting unauthorized access to workspace data, including design files and workspace settings. Exploitation of this vulnerability requires user interaction to view the malicious post.
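The flaw class described above, shown as a "before" and "after" of server-side post rendering. This is an added example, not Altium's code and not part of the original advisory. The function names, the tag allow-list and the sample posts are hypothetical, constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample posts (not taken from the advisory).
SAMPLE_POSTS = [
    "Has anyone routed this with <b>blind vias</b>?",
    "Nice design! <script>alert(1)</script>",
    '<img src="x" onerror="alert(1)"> see attached',
]
ALLOWED_TAGS = ("b", "i", "code")  # hypothetical allow-list: bare tags, no attributes

def render_post_vulnerable(body: str) -> str:
    """'Before': stored post text is concatenated into the page unencoded."""
    return '<div class="post">' + body + "</div>"

def render_post_hardened(body: str) -> str:
    """'After': encode everything, then restore only bare allow-listed tags."""
    encoded = html.escape(body, quote=True)
    for tag in ALLOWED_TAGS:
        encoded = encoded.replace(f"&lt;{tag}&gt;", f"<{tag}>")
        encoded = encoded.replace(f"&lt;/{tag}&gt;", f"</{tag}>")
    return '<div class="post">' + encoded + "</div>"

class ActiveMarkupFinder(HTMLParser):
    """Records elements and attributes a browser would treat as executable."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(tag)
        for name, value in attrs:
            if name.startswith("on") or (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}[{name}]")

def active_markup(rendered: str) -> list:
    """Regression check: parse rendered HTML and list any active markup found."""
    finder = ActiveMarkupFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(active_markup(render_post_vulnerable(post)),
              active_markup(render_post_hardened(post)))
```

Running `active_markup` over rendered output in a test suite catches a regression where a template or API path starts emitting stored post content without encoding.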

Impact

Exploitation of this vulnerability allows injected JavaScript to execute in the context of the victim's Altium 365 session, leading to unauthorized access to workspace data, such as design files and workspace settings.

Added: Jan 19, 2026, 1:19 PM
Updated: Jan 19, 2026, 1:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 5.0
remediation: 0.0
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.