CVE-2023-3190
published 2023-06-10
CVE-2023-3190: Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Priority P4 · 19 · medium · 4.6 · CVSS 3.1
AV:N · AC:L · PR:L · UI:R · S:U · C:L · I:L · A:N
EPSS
0.52%
40.3th percentile
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nilsteampassnet | nilsteampassnet_teampass | >= unspecified < 3.0.9 | 3.0.9 |
| nilsteampassnet | teampass | >= 0 < 3.0.9 | 3.0.9 |
| teampass | teampass | < 3.0.9 | 3.0.9 |
CVSS provenance
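| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.6 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| nvd | v3.0 | 3.5 | LOW | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |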
OSV
Teampass Cross-site Scripting vulnerability
osv·2023-06-10
CVE-2023-3190 [MEDIUM] Teampass Cross-site Scripting vulnerability
In versions of nilsteampassnet/teampass prior to 3.0.9, some user input was not properly sanitized, which may have led to stored cross-site scripting (XSS) vectors in the application.
GHSA
Teampass Cross-site Scripting vulnerability
ghsa·2023-06-10
CVE-2023-3190 [MEDIUM] CWE-116 Teampass Cross-site Scripting vulnerability
In versions of nilsteampassnet/teampass prior to 3.0.9, some user input was not properly sanitized, which may have led to stored cross-site scripting (XSS) vectors in the application.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705
https://huntr.dev/bounties/5562c4c4-0475-448f-a451-7c4666bc7180
2023-06-10
Published