CVE-2023-4296 – PTC Codebeamer Cross site scripting

https://notcve.org/view.php?id=CVE-2023-4296

​If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device. ?Si un atacante engaña a un usuario administrador de PTC Codebeamer para que haga clic en un vínculo malicioso, puede permitir que el atacante inyecte código arbitrario para que se ejecute en el navegador del dispositivo de destino. PTC - Codebeamer versions 22.10-SP7 and below, 22.04-SP5 and below, and 21.09-SP13 and below suffer from a cross site scripting vulnerability. • http://packetstormsecurity.com/files/174703/PTC-Codebeamer-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2023/Sep/10 https://codebeamer.com/cb/wiki/31346480 https://www.cisa.gov/news-events/ics-advisories/icsa-23-241-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •