Lucene search

[email protected]CVE-2023-3588

HistorySep 13, 2023 - 7:15 p.m.

CVE-2023-3588

2023-09-1319:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve

2023

3588

stored xss

teamwork cloud

no magic release

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.

Affected configurations

NVD

Node

3dsteamwork_cloud_no_magic_releaseMatch2021xbusiness

3dsteamwork_cloud_no_magic_releaseMatch2021xbusiness_pro

3dsteamwork_cloud_no_magic_releaseMatch2021xenterprise

3dsteamwork_cloud_no_magic_releaseMatch2021xstandard

3dsteamwork_cloud_no_magic_releaseMatch2022xbusiness

3dsteamwork_cloud_no_magic_releaseMatch2022xbusiness_pro

3dsteamwork_cloud_no_magic_releaseMatch2022xenterprise

3dsteamwork_cloud_no_magic_releaseMatch2022xstandard

CPENameOperatorVersion
3ds:teamwork_cloud_no_magic_release3ds teamwork cloud no magic releaseeq2021x
3ds:teamwork_cloud_no_magic_release3ds teamwork cloud no magic releaseeq2022x

CPE	Name	Operator	Version
3ds:teamwork_cloud_no_magic_release	3ds teamwork cloud no magic release	eq	2021x
3ds:teamwork_cloud_no_magic_release	3ds teamwork cloud no magic release	eq	2022x

CNA Affected

[
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Business Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Enterprise Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Business Pro Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Dassault Systèmes",
    "product": "Teamwork Cloud - Standard Edition",
    "versions": [
      {
        "status": "affected",
        "version": "No Magic Release 2021x Golden",
        "lessThanOrEqual": "No Magic Release 2021x Refresh2",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "No Magic Release 2022x Golden",
        "lessThanOrEqual": "No Magic Release 2022x Refresh2",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.3ds.com/vulnerability/advisories