TeamPass 2.1.5 'login' Field HTML Injection Vulnerability

ID EDB-ID:37087
Type exploitdb
Reporter Marcos Garcia
Modified 2012-04-17T00:00:00


CVE-2012-2234. Webapps exploit for the PHP platform.


TeamPass is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input in the 'login' field.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.

TeamPass 2.1.5 is vulnerable; other versions may also be affected.

POST /TeamPass/sources/users.queries.php HTTP/1.1
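
The handling the advisory says is missing for the 'login' value, shown as an added example: allowlist validation when the value is submitted and HTML encoding when it is rendered. This is not TeamPass code and not part of the original advisory; the login policy and the names `validate_login`, `h` and `render_user_row` are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not TeamPass code. The login policy below is an assumption.
const LOGIN_PATTERN = '/\A[A-Za-z0-9._@-]{1,64}\z/';

/** Input side: reject a login that does not match the allowlist. */
function validate_login(string $login): bool
{
    return preg_match(LOGIN_PATTERN, $login) === 1;
}

/** Output side: encode for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one row of a hypothetical user list; every dynamic value is encoded. */
function render_user_row(int $id, string $login): string
{
    return sprintf(
        '<tr><td>%d</td><td title="%s">%s</td></tr>',
        $id,
        h($login),
        h($login)
    );
}

// Constructed sample values: two ordinary logins and one containing markup.
$samples = ['jdoe', 'j.doe@example.org', '"><b>jdoe</b>'];

foreach ($samples as $i => $login) {
    printf("%-22s accepted=%s\n", $login, validate_login($login) ? 'yes' : 'no');
    // Encoding on output still matters for rows stored before validation existed.
    echo render_user_row($i + 1, $login), "\n";
}
```

Validation alone does not cover values already stored, so the encoding step has to be applied at every place the login is written into a page.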