CVE-2023-3588

Published: Sep 13, 2023Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.

Affected (8)

Products: 3ds: Teamwork Cloud No Magic Release

3ds

1 product

Teamwork Cloud No Magic Release

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
3ds Teamwork Cloud No Magic Release	Version 2021x
3ds Teamwork Cloud No Magic Release	Version 2021x
3ds Teamwork Cloud No Magic Release	Version 2021x
3ds Teamwork Cloud No Magic Release	Version 2021x
3ds Teamwork Cloud No Magic Release	Version 2022x
3ds Teamwork Cloud No Magic Release	Version 2022x
3ds Teamwork Cloud No Magic Release	Version 2022x
3ds Teamwork Cloud No Magic Release	Version 2022x

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://www.3ds.com/vulnerability/advisories

Source: 3DS.Information-Security@3ds.com

Vendor Advisory

https://www.3ds.com/vulnerability/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.