Stored XSS Vulnerabilities in TeamPass by Teampass.net
CVE-2017-15051

5.4 MEDIUM

Key Information:

Vendor: Teampass

Status
Vendor
CVE Published: 27 November 2017

What is CVE-2017-15051?

TeamPass versions prior to 2.1.27.9 are susceptible to multiple stored cross-site scripting vulnerabilities. These vulnerabilities allow authenticated attackers to inject arbitrary script code or HTML through the URL field of shared items or via the user log history. In the latter case, the attacker must first place a harmful payload in their own user profile and then trick an administrator into modifying that profile. When the administrator later views the log, the stored script is executed, potentially compromising the application and user data.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
