Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
ENOVIAvpm Web Access allows malicious code to run on users' browsers
CVE-2026-2101
Summary
ENOVIAvpm Web Access, a software used by project management teams, has a security weakness that could allow hackers to inject malicious code into users' web browsers. This could lead to unauthorized access to sensitive information or disruption of user sessions. To protect your data, update your ENOVIAvpm software to the latest version.
Original title
A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrar...
Original description
A Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIAvpm Web Access from ENOVIAvpm Version 1 Release 16 through ENOVIAvpm Version 1 Release 19 allows an attacker to execute arbitrary script code in user's browser session.
nvd CVSS3.1
8.7
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026