Lucene search

[email protected]CVE-2023-33387

HistoryJun 22, 2023 - 11:15 a.m.

CVE-2023-33387

2023-06-2211:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-33387

xss

datev eg

personal-management system

security

vulnerability

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.7%

JSON

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users’ login data by sending a crafted link.

Affected configurations

NVD

Node

dateveg_personal-management_system_comfort\/comfort_plusRange15.1.0–16.1.1

dateveg_personal-management_system_comfort\/comfort_plusMatch16.1.1-

dateveg_personal-management_system_comfort\/comfort_plusMatch16.1.1p1

dateveg_personal-management_system_comfort\/comfort_plusMatch16.1.1p2

dateveg_personal-management_system_comfort\/comfort_plusMatch16.1.1p3

dateveg_personal-management_system_comfort\/comfort_plusMatch16.1.1p4

CPENameOperatorVersion
datev:eg_personal-management_system_comfort\/comfort_plusdatev eg personal-management system comfort/comfort pluslt16.1.1

CPE	Name	Operator	Version
datev:eg_personal-management_system_comfort\/comfort_plus	datev eg personal-management system comfort/comfort plus	lt	16.1.1

References

apps.datev.de/help-center/documents/1021479

support.veda.net/datev.php

www.tuv.com/landingpage/de/schwachstelle/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

32.7%

JSON

Related for CVE-2023-33387

prion1 cvelist1 nvd1