Cross-Site Scripting Vulnerability in TeamPass by nilsteampassnet
CVE-2017-15278

5.4MEDIUM

Key Information:

Vendor

Teampass

Status
Teampass
Vendor
CVE Published:
12 October 2017

What is CVE-2017-15278?

A Cross-Site Scripting vulnerability exists in TeamPass prior to version 2.1.27.9 due to inadequate data filtration in the /sources/folders.queries.php file. This flaw allows attackers to inject and execute arbitrary HTML and JavaScript code in the user's browser when visiting the compromised website, potentially leading to unauthorized access and data manipulation. To mitigate this risk, users should update to the latest version of TeamPass.

References

https://github.com/nilsteampassnet/TeamPass/releases/tag/...
x_refsource_CONFIRM
https://github.com/nilsteampassnet/TeamPass/commit/f5a765...
x_refsource_CONFIRM
https://github.com/nilsteampassnet/TeamPass/blob/master/c...
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.