CVE-2019-16904

Published: Sep 26, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)

Affected (1)

Products: Teampass: Teampass

Teampass

1 product

Teampass

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Teampass Teampass	Version 2.1.27.36

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://github.com/nilsteampassnet/TeamPass/issues/2685

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/nilsteampassnet/TeamPass/issues/2685

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.