Описание
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
Ссылки
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 15.1.0 (включая) до 16.1.1 (исключая)
Одно из
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:*:*:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:-:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p1:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p2:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p3:*:*:*:*:*:*
cpe:2.3:a:datev:eg_personal-management_system_comfort\/comfort_plus:16.1.1:p4:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00506
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 2 лет назад
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
EPSS
Процентиль: 66%
0.00506
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79