Cross site scripting

2023-06-2211:15:00

PRIOn knowledge base

www.prio-n.com

reflected xss

datev eg

personal-management system

crafted link

security vulnerability

0.001 Low

EPSS

Percentile

32.8%

JSON

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users’ login data by sending a crafted link.

CPENameOperatorVersion
eg_personal-management_system_comfort\\/comfort_plusge15.1.0
eg_personal-management_system_comfort\\/comfort_pluslt16.1.1
eg_personal-management_system_comfort\\/comfort_pluseq16.1.1
eg_personal-management_system_comfort\\/comfort_pluseq16.1.1 p1
eg_personal-management_system_comfort\\/comfort_pluseq16.1.1 p2
eg_personal-management_system_comfort\\/comfort_pluseq16.1.1 p3
eg_personal-management_system_comfort\\/comfort_pluseq16.1.1 p4

Name	Operator	Version
eg_personal-management_system_comfort\\/comfort_plus	ge	15.1.0
eg_personal-management_system_comfort\\/comfort_plus	lt	16.1.1
eg_personal-management_system_comfort\\/comfort_plus	eq	16.1.1
eg_personal-management_system_comfort\\/comfort_plus	eq	16.1.1 p1
eg_personal-management_system_comfort\\/comfort_plus	eq	16.1.1 p2
eg_personal-management_system_comfort\\/comfort_plus	eq	16.1.1 p3
eg_personal-management_system_comfort\\/comfort_plus	eq	16.1.1 p4