CVE-2023-3588

Summary

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.

Affected Software

VendorProductVersion RangeStatus
Dassault SystèmesTeamwork Cloud - Business EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Business EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected
Dassault SystèmesTeamwork Cloud - Enterprise EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Enterprise EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected
Dassault SystèmesTeamwork Cloud - Business Pro EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Business Pro EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected
Dassault SystèmesTeamwork Cloud - Standard EditionNo Magic Release 2021x Golden <= No Magic Release 2021x Refresh2affected
Dassault SystèmesTeamwork Cloud - Standard EditionNo Magic Release 2022x Golden <= No Magic Release 2022x Refresh2affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References