Vulnerability Details CVE-2023-4296
If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 8.8
References
- http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2023/Sep/10
- https://codebeamer.com/cb/wiki/31346480
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01
- http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2023/Sep/10
- https://codebeamer.com/cb/wiki/31346480
- https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01
Products affected by CVE-2023-4296
-
cpe:2.3:a:intland:codebeamer:21.09.0
-
cpe:2.3:a:intland:codebeamer:22.04.0
-
cpe:2.3:a:intland:codebeamer:22.10.0