PTC Codebeamer Cross-Site Scripting
CVE-2023-4296
6.1 MEDIUM
What is CVE-2023-4296?
A cross-site scripting vulnerability in PTC Codebeamer allows attackers to exploit weak input validation. If an attacker convinces an admin user to click a malicious link, it may result in arbitrary code being executed in the browser of the target device. This vulnerability underscores the importance of robust security practices to prevent unauthorized access and execution of malicious scripts.
Affected Version(s)
Codebeamer 0
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Niklas Schilling of SEC Consult Vulnerability Lab reported this vulnerability to CISA.