CVE-2023-2021
Published 2023-04-13
CVE-2023-2021: Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.
Priority: P4 · 24 · medium 5.4 · CVSS 3.1
Vector: AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.36% (28.1th percentile)
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| giflib_project | giflib | >= 0 < 5.1.9-1ubuntu0.1 | 5.1.9-1ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.9-2ubuntu0.1 | 5.1.9-2ubuntu0.1 |
| giflib_project | giflib | >= 0 < 5.1.4-0.3~16.04.1+esm1 | 5.1.4-0.3~16.04.1+esm1 |
| giflib_project | giflib | >= 0 < 5.1.4-2ubuntu0.1+esm1 | 5.1.4-2ubuntu0.1+esm1 |
| nilsteampassnet | nilsteampassnet_teampass | >= unspecified < 3.0.3 | 3.0.3 |
| nilsteampassnet | teampass | >= 0 < 3.0.3 | 3.0.3 |
| teampass | teampass | < 3.0.3 | 3.0.3 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | 3.0 | 5.8 | MEDIUM | CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L |
| osv | n/a | 8.8 | HIGH | n/a |
OSV
giflib vulnerabilities
osv·2024-06-10·CVSS 8.8
CVE-2021-40633 giflib vulnerabilities
It was discovered that GIFLIB incorrectly handled certain GIF files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2021-40633, CVE-2022-28506, CVE-2023-39742)
GHSA
nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS)
ghsa·2023-04-13
CVE-2023-2021 [MEDIUM] CWE-79 nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS)
nilsteampassnet/teampass prior to 3.0.3 is vulnerable to stored cross-site scripting (XSS) in the description parameter of a folder.
OSV
nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS)
osv·2023-04-13
CVE-2023-2021 [MEDIUM] nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS)
nilsteampassnet/teampass prior to 3.0.3 is vulnerable to stored cross-site scripting (XSS) in the description parameter of a folder.
Palo Alto
PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
vendor_paloalto·2024-09-04·CVSS 6.0
CVE-2022-22965 [MEDIUM] PAN-SA-2024-0008 Informational Bulletin: Impact of OSS CVEs in PAN-OS
The Palo Alto Networks Product Security Assurance team has evaluated the following open source software (OSS) CVEs as they relate to PAN-OS software. While PAN-OS software may include the
CVEs: CVE-2010-1622, CVE-2015-7552, CVE-2018-16840, CVE-2019-7639, CVE-2020-17049, CVE-2020-7774, CVE-2021-0131, CVE-2021-0132, CVE-2021-0133, CVE-2021-0134, CVE-2021-4044, CVE-2021-4160, CVE-2021-41773, CVE-2022-1343, CVE-2022-21449, CVE-2022-2274, CVE-2022-22963, CVE-2022-22965, CVE-2022-24697, CVE-2022-32207, CVE-2022-3358, CVE-2022-3996, CVE-2022-40664, CVE-2022-44792, CVE-2022-44793, CVE-2023-1255, CVE-2023-22809, CVE-2023-23919, CVE-2023-3341, CVE-2023-4236, CVE-2023-4863, CVE-2023-51767
Affected products: PAN-OS
No detection rules found.
Nuclei
Adobe ColdFusion - Access Control Bypass
nuclei·CVSS 7.5
CVE-2023-38205 [HIGH] Adobe ColdFusion - Access Control Bypass
There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.
Template:
```yaml
id: CVE-2023-38205
info:
  name: Adobe ColdFusion - Access Control Bypass
  author: DhiyaneshDk
  severity: high
  description: |
    There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.
  impact: |
    Successful ex
```
Checkpoint
31st October – Threat Intelligence Report
blogs_checkpoint·2022-10-31
CVE-2022-3723 31st October – Threat Intelligence Report
## 31st October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 31st October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
US-based communications company Twilio has disclosed a new data breach that occurred in June 2022, allegedly by the same threat actors behind the August hack. The hackers used voice phishing to trick a Twilio employee into handing over their credentials, which the hackers then used to access customer information.
Cu
Checkpoint
10th October – Threat Intelligence Report
blogs_checkpoint·2022-10-10
CVE-2022-41352 10th October – Threat Intelligence Report
## 10th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 10th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
CommonSpirit Health, the second-largest nonprofit hospital chain in the U.S. with 140 hospitals and over 1,000 facilities in 21 states, suffered a cybersecurity incident that disrupted medical services across the country. Facilities in Iowa, Nebraska, Tennessee and Washington were among those affected. The nature of the at
Checkpoint
28th June – Threat Intelligence Report
blogs_checkpoint·2021-06-28
CVE-2021-21998 28th June – Threat Intelligence Report
## 28th June – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th June, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Russia-based threat group Nobelium is using password spraying and brute force attacks to gain access to corporate networks. The group, which was behind the SolarWinds supply-chain attack, deployed an information-stealing Trojan on a Microsoft customer support agent's computer to steal information. Over half of the targets were
References:
https://github.com/nilsteampassnet/teampass/commit/77c541a0151841d1f4ceb0a84ca391e1b526d58d
https://huntr.dev/bounties/2e31082d-7aeb-46ff-84d6-9561758e3bf0
Published: 2023-04-13