CVE-2023-33387

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 22, 2023

Updated: Jun 28, 2023

CWE ID 79

Summary

CVE-2023-33387 is a reflected cross-site scripting (XSS) vulnerability affecting DATEV eG's Personal-Management System Comfort/Comfort Plus versions 15.1.0 to 16.1.1 P4. Attackers can exploit this issue by sending targeted users crafted links, which, if clicked, allow the attacker to steal login data. This vulnerability poses a significant risk to users' confidential information and highlights the importance of prompt patching to mitigate such threats.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

DATEV

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rvLViy
https://www.cve.org/CVERecord?id=CVE-2023-33387
https://nvd.nist.gov/vuln/detail/CVE-2023-33387

Back to Vulnerability Database

CVE-2023-33387

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations