CVE-2023-3191
Published 2023-06-10
CVE-2023-3191: Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Priority P4 · 24 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.54% (41.1th percentile)
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nilsteampassnet | nilsteampassnet_teampass | >= unspecified < 3.0.9 | 3.0.9 |
| nilsteampassnet | teampass | >= 0 < 3.0.9 | 3.0.9 |
| teampass | teampass | < 3.0.9 | 3.0.9 |
CVSS provenance
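| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |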
OSV
Teampass Cross-site Scripting vulnerability
osv·2023-06-10
CVE-2023-3191 [MEDIUM] Teampass Cross-site Scripting vulnerability
In versions of nilsteampassnet/teampass prior to 3.0.9, some user input was not properly sanitized, which may have led to stored cross-site scripting (XSS) vectors in the application.
GHSA
Teampass Cross-site Scripting vulnerability
ghsa·2023-06-10
CVE-2023-3191 [MEDIUM] CWE-79 Teampass Cross-site Scripting vulnerability
In versions of nilsteampassnet/teampass prior to 3.0.9, some user input was not properly sanitized, which may have led to stored cross-site scripting (XSS) vectors in the application.
Red Hat
kernel: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
vendor_redhat·2025-09-16·CVSS 5.5
CVE-2023-53294 [MEDIUM] kernel: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
Syzbot reported a null-ptr-deref bug:
```
ntfs3: loop0: Different NTFS' sector size (1024) and media sector size
(512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
general protection fault, probably for non-canonical address
0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
Call Trace:
d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
lookup_open fs/namei.c:3391 [inline]
open_last_lookups fs/namei.c:3481 [inline]
path_openat+0x
```
No detection rules found.
No public exploits indexed.
References
https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705
https://huntr.dev/bounties/19fed157-128d-4bfb-a30e-eadf748cbd1a
Published: 2023-06-10