CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3589 – Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
https://notcve.org/view.php?id=CVE-2023-3589
A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x podría permitir, con algunas condiciones muy específicas, que un atacante envíe una consulta específicamente manipulada al servidor. • https://www.3ds.com/vulnerability/advisories • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-3588 – Stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x
https://notcve.org/view.php?id=CVE-2023-3588
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que afecta a Teamwork Cloud desde No Magic Release 2021x hasta No Magic Release 2022x permite a un atacante ejecutar scripts de comandos arbitrarios. • https://www.3ds.com/vulnerability/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •