Lucene search

[email protected]CVE-2014-3774

HistoryAug 07, 2014 - 11:13 a.m.

CVE-2014-3774

2014-08-0711:13:35

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3774

cross-site scripting

xss

vulnerabilities

teampass

web security

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.

Affected configurations

NVD

Node

teampassteampassRange≤2.1.20beta

teampassteampassMatch2.1

teampassteampassMatch2.1.1

teampassteampassMatch2.1.2

teampassteampassMatch2.1.3

teampassteampassMatch2.1.4

teampassteampassMatch2.1.5

teampassteampassMatch2.1.10

teampassteampassMatch2.1.13

teampassteampassMatch2.1.14

teampassteampassMatch2.1.15

teampassteampassMatch2.1.18

teampassteampassMatch2.1.19

CPENameOperatorVersion
teampass:teampassteampassle2.1.20
teampass:teampassteampasseq2.1
teampass:teampassteampasseq2.1.1
teampass:teampassteampasseq2.1.2
teampass:teampassteampasseq2.1.3
teampass:teampassteampasseq2.1.4
teampass:teampassteampasseq2.1.5
teampass:teampassteampasseq2.1.10
teampass:teampassteampasseq2.1.13
teampass:teampassteampasseq2.1.14

CPE	Name	Operator	Version
teampass:teampass	teampass	le	2.1.20
teampass:teampass	teampass	eq	2.1
teampass:teampass	teampass	eq	2.1.1
teampass:teampass	teampass	eq	2.1.2
teampass:teampass	teampass	eq	2.1.3
teampass:teampass	teampass	eq	2.1.4
teampass:teampass	teampass	eq	2.1.5
teampass:teampass	teampass	eq	2.1.10
teampass:teampass	teampass	eq	2.1.13
teampass:teampass	teampass	eq	2.1.14

Rows per page:

1-10 of 131

References

teampass.net/installation/2.1.20-released.html

www.openwall.com/lists/oss-security/2014/05/18/2

www.openwall.com/lists/oss-security/2014/05/19/5

github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de

github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.1%

JSON

Related for CVE-2014-3774

cvelist1 nvd1 prion1 openvas1