Vulnerability Description
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Datev | Eg Personal-Management System Comfort/Comfort Plus | >= 15.1.0, < 16.1.1 |
Related Weaknesses (CWE)
References
- https://apps.datev.de/help-center/documents/1021479 (Vendor Advisory)
- https://support.veda.net/datev.php (Third Party Advisory)
- https://www.tuv.com/landingpage/de/schwachstelle/ (Third Party Advisory)
FAQ
What is CVE-2023-33387?
CVE-2023-33387 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a...
How severe is CVE-2023-33387?
CVE-2023-33387 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-33387?
Check the references section above for vendor advisories and patch information. Affected products include: Datev Eg Personal-Management System Comfort/Comfort Plus.