CVE-2023-33387

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:-:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p4:*:*:*:*:*:*

History

28 Jun 2023, 07:12

Type Values Removed Values Added
First Time Datev
Datev eg Personal-management System Comfort\/comfort Plus
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
References (MISC) https://apps.datev.de/help-center/documents/1021479 - (MISC) https://apps.datev.de/help-center/documents/1021479 - Vendor Advisory
References (MISC) https://support.veda.net/datev.php - (MISC) https://support.veda.net/datev.php - Third Party Advisory
References (MISC) https://www.tuv.com/landingpage/de/schwachstelle/ - (MISC) https://www.tuv.com/landingpage/de/schwachstelle/ - Third Party Advisory
CWE CWE-79
CPE cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:-:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p4:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:*:*:*:*:*:*:*:*

22 Jun 2023, 11:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-22 11:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-33387

Mitre link : CVE-2023-33387

CVE.ORG link : CVE-2023-33387


JSON object : View

Products Affected

datev

  • eg_personal-management_system_comfort\/comfort_plus
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')