CVE-2019-17205
Published 2019-10-05
Priority P4 · 24 · medium · 6.1 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 1.03% (59.4th percentile)
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nilsteampassnet | teampass | 0 – 2.1.27.36 | — |
| teampass | teampass | — | — |
CVSS provenance
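| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |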
OSV
TeamPass Stored Cross-site Scripting
osv·2022-05-24
CVE-2019-17205 [MEDIUM] TeamPass Stored Cross-site Scripting
GHSA
TeamPass Stored Cross-site Scripting
ghsa·2022-05-24
CVE-2019-17205 [MEDIUM] CWE-79 TeamPass Stored Cross-site Scripting
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-10-05