CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-33387

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.3%

CVSS Severity

CVSS v3 Score 6.1

References

https://apps.datev.de/help-center/documents/1021479
https://support.veda.net/datev.php
https://www.tuv.com/landingpage/de/schwachstelle/
https://apps.datev.de/help-center/documents/1021479
https://support.veda.net/datev.php
https://www.tuv.com/landingpage/de/schwachstelle/

Products affected by CVE-2023-33387

Datev » Eg Personal-Management System Comfort/comfort Plus » Version: Any

cpe:2.3:a:datev:eg_personal-management_system_comfort/comfort_plus:*
Datev » Eg Personal-Management System Comfort/comfort Plus » Version: 16.1.1

cpe:2.3:a:datev:eg_personal-management_system_comfort/comfort_plus:16.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33387

Products

Pricing

Contact Us