Cross-Site Scripting Vulnerabilities in TeamPass by TeamPass
CVE-2015-7562

6.1MEDIUM

Key Information:

Vendor: Teampass
Status: Teampass
Vendor: CVE Published:; 12 April 2017

Badges

👾 Exploit Exists

What is CVE-2015-7562?

Multiple XSS vulnerabilities in TeamPass versions 2.1.24 and earlier allow attackers to execute arbitrary web scripts or HTML. This occurs via manipulation of item label values or role names, potentially compromising the security of the application and allowing unauthorized actions to be executed on behalf of legitimate users. Proper input sanitization and validation are essential to mitigate these vulnerabilities.

References

https://www.exploit-db.com/exploits/39559/

exploitx_refsource_EXPLOIT-DB

https://github.com/nilsteampassnet/TeamPass/pull/1140

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Apr 12, 2017
👾
Exploit known to exist
Apr 12, 2017
Vulnerability published
Apr 12, 2017
Vulnerability Reserved
Sep 29, 2015

CVE-2015-7562 Data

JSON

Teampass

Badges

What is CVE-2015-7562?

References

CVSS V3.1

Timeline