A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NDatev Eg Personal Management System Comfort\/comfort Plus
APPDatev16.1.115.1.0 – 16.1.1 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2011-5158HIGH9.3ten sam vendor
Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DA...
CVE-2010-0689HIGH10.0ten sam vendor
The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base Syst...
CVE-2003-1169MEDIUM4.6ten sam vendor
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows lo...