Lucene search
GitHub Advisory DatabaseGHSA-H5G9-2P35-54C7HistoryMay 31, 2023 - 3:30 p.m.
nilsteampassnet/teampass vulnerable to cross-site scripting
2023-05-3115:30:18
CWE-79
GitHub Advisory Database
github.com
6
cross-site scripting}{github repository}{shared folder}{malicious code}{user access
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.7%
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. This enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder.
Affected configurations
Node
nilsteampassnetteampassRange<3.0.9
| CPE | Name | Operator | Version |
|---|---|---|---|
| nilsteampassnet/teampass | lt | 3.0.9 |
Related
osv
osv
nilsteampassnet/teampass vulnerable to cross-site scripting
2023-05-31 15:30:18
CVE-2023-3009
2023-05-31 13:15:10
veracode
veracode
Cross Site Scripting (XSS)
2023-06-12 12:32:27
cve
cve
CVE-2023-3009
2023-05-31 13:15:10
cvelist
cvelist
prion
prion
Cross site scripting
2023-05-31 13:15:00
nvd
nvd
CVE-2023-3009
2023-05-31 13:15:10
huntr
huntr
Stored XSS on item name - Bypass of (CVE-2023-2516)
2023-05-26 05:57:35
openvas
openvas
TeamPass < 3.0.9 Multiple Vulnerabilities
2023-05-25 00:00:00
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
23.7%
Related for GHSA-H5G9-2P35-54C7