CVE-2019-16904
Published 2019-09-26
Priority: P4 · 25 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.69% (48.1th percentile)
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nilsteampassnet | teampass | 0 – 2.1.27.36 | — |
| teampass | teampass | — | — |
CVSS provenance
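| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |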
OSV
TeamPass Cross-site Scripting (XSS) vulnerability
osv·2022-05-24
CVE-2019-16904 [MEDIUM] TeamPass Cross-site Scripting (XSS) vulnerability
TeamPass 2.1.27.36 allows XSS by setting a crafted password for an item in a folder, and then sharing that item with an admin. (The crafted password is exploitable when viewing the change history, or the previous used password field.)
GHSA
TeamPass Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-24
CVE-2019-16904 [MEDIUM] CWE-79 TeamPass Cross-site Scripting (XSS) vulnerability
TeamPass 2.1.27.36 allows XSS by setting a crafted password for an item in a folder, and then sharing that item with an admin. (The crafted password is exploitable when viewing the change history, or the previous used password field.)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-09-26