MEDIUM🇵🇱 Wersja polska

CVE-2023-33387

CVSS 6.1v3.1pub. 2023-06-22upd. 2024-11-21

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Datev Eg Personal Management System Comfort\/comfort Plus

    APP
    Datev
    16.1.115.1.0 – 16.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2011-5158HIGH9.3ten sam vendor

Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and DvInesLogFileViewer.Exe components in DA...

CVE-2010-0689HIGH10.0ten sam vendor

The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base Syst...

CVE-2003-1169MEDIUM4.6ten sam vendor

DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows lo...