cvebase

Nilsteampassnet Teampass vulnerabilities

41 known vulnerabilities affecting nilsteampassnet/teampass.

Total CVEs: 41
CISA KEV: 0
Public exploits: 3
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 14, MEDIUM 21

Vulnerabilities

Page 2 of 3
CVE-2017-15053 | P4 | MEDIUM | ≥ 0, < 2.1.27.9 | 2022-05-13
CVE-2017-15053 [MEDIUM] CWE-269 TeamPass Improper Privilege Management
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerability, an authenticated attacker must have the manager rights on the application, then tamper with the requests sent directly, for exa
ghsa, osv
CVE-2023-1463 | P4 | MEDIUM | ≥ 0, < 3.0.0.23 | 2023-03-17
CVE-2023-1463 [MEDIUM] CWE-285 Improper Authorization in nilsteampassnet/teampass
Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
ghsa, osv
CVE-2024-50702 | P4 | MEDIUM | ≥ 0, < 3.1.3.1 | 2024-12-30
CVE-2024-50702 [MEDIUM] CWE-266 TeamPass mail_me operation authorization issue
TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager.
ghsa, osv
CVE-2019-12950 | P4 | MEDIUM | ≥ 0, ≤ 2.1.27.35 | 2022-05-24
CVE-2019-12950 [MEDIUM] CWE-79 TeamPass Cross-site Scripting (XSS)
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
ghsa, osv
CVE-2019-16904 | P4 | MEDIUM | ≥ 0, ≤ 2.1.27.36 | 2022-05-24
CVE-2019-16904 [MEDIUM] CWE-79 TeamPass Cross-site Scripting (XSS) vulnerability
TeamPass 2.1.27.36 allows XSS by setting a crafted password for an item in a folder, and then sharing that item with an admin. (The crafted password is exploitable when viewing the change history, or the previous used password field.)
ghsa, osv
CVE-2023-3531 | P4 | HIGH | ≥ 0, < 3.0.10 | 2023-07-06
CVE-2023-3531 [HIGH] CWE-79 TeamPass Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
ghsa, osv
CVE-2019-17205 | P4 | MEDIUM | ≥ 0, ≤ 2.1.27.36 | 2022-05-24
CVE-2019-17205 [MEDIUM] CWE-79 TeamPass Stored Cross-site Scripting
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
ghsa, osv
CVE-2017-15051 | P4 | MEDIUM | ≥ 0, < 2.1.27.9 | 2022-05-17
CVE-2017-15051 [MEDIUM] CWE-79 TeamPass stored cross-site scripting (XSS) vulnerability
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to sim
ghsa, osv
CVE-2017-15278 | P4 | MEDIUM | ≥ 0, < 2.1.27.9 | 2022-05-17
CVE-2017-15278 [MEDIUM] CWE-79 TeamPass Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
ghsa, osv
CVE-2023-3009 | P4 | MEDIUM | ≥ 0, < 3.0.9 | 2023-05-31
CVE-2023-3009 [MEDIUM] CWE-79 nilsteampassnet/teampass vulnerable to cross-site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. This enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder.
ghsa, osv
CVE-2019-17204 | P4 | MEDIUM | ≥ 0, ≤ 2.1.27.36 | 2022-05-24
CVE-2019-17204 [MEDIUM] CWE-79 TeamPass Stored Cross-site Scripting
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
ghsa, osv
CVE-2019-17203 | P4 | MEDIUM | ≥ 0, ≤ 2.1.27.36 | 2022-05-24
CVE-2019-17203 [MEDIUM] CWE-79 TeamPass Stored Cross-site Scripting
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
ghsa, osv
CVE-2023-2516 | P4 | MEDIUM | ≥ 0, < 3.0.7 | 2023-05-05
CVE-2023-2516 [MEDIUM] CWE-79 Cross Site Scripting in nilsteampassnet/teampass
nilsteampassnet/teampass prior to version 3.0.7 is vulnerable to cross site scripting (XSS) from item names within a folder.
ghsa, osv
CVE-2023-2591 | P4 | HIGH | ≥ 0, < 3.0.7 | 2023-05-09
CVE-2023-2591 [HIGH] CWE-79 teampass vulnerable to code injection
In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. The issue is fixed in version 3.0.7.
ghsa, osv
CVE-2023-3191 | P4 | MEDIUM | ≥ 0, < 3.0.9 | 2023-06-10
CVE-2023-3191 [MEDIUM] CWE-79 Teampass Cross-site Scripting vulnerability
In versions of nilsteampassnet/teampass prior to 3.0.9, some user input was not properly sanitized, which may have led to stored cross-site scripting (XSS) vectors in the application.
ghsa, osv
CVE-2023-3565 | P4 | MEDIUM | ≥ 0, < 3.0.10 | 2023-07-10
CVE-2023-3565 [MEDIUM] CWE-79 TeamPass Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
ghsa, osv
CVE-2023-2021 | P4 | MEDIUM | ≥ 0, < 3.0.3 | 2023-04-13
CVE-2023-2021 [MEDIUM] CWE-79 nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS)
nilsteampassnet/teampass prior to 3.0.3 is vulnerable to stored cross-site scripting (XSS) in the description parameter of a folder.
ghsa, osv
CVE-2022-26980 | P4 | MEDIUM | ≥ 0, ≤ 2.1.26 | 2022-03-29
CVE-2022-26980 [MEDIUM] CWE-79 Cross-site Scripting in teampass
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. Someone must open a link for the Teampass Password Manager index page containing malicious payload.
ghsa, osv
CVE-2023-3552 | P4 | HIGH | ≥ 0, < 3.0.10 | 2023-07-08
CVE-2023-3552 [HIGH] CWE-116 TeamPass vulnerable to Improper Encoding or Escaping of Output
TeamPass prior to 3.0.10 is vulnerable to cross-site scripting filter bypass in folder names. This can lead to information disclosure.
ghsa, osv
CVE-2023-3190 | P4 | MEDIUM | ≥ 0, < 3.0.9 | 2023-06-10
CVE-2023-3190 [MEDIUM] CWE-116 Teampass Cross-site Scripting vulnerability
In versions of nilsteampassnet/teampass prior to 3.0.9, some user input was not properly sanitized, which may have led to stored cross-site scripting (XSS) vectors in the application.
ghsa, osv