huntr / Bisicetea / 19FED157-128D-4BFB-A30E-EADF748CBD1A
Jun 04, 2023 - 3:03 p.m.

Stored XSS in many configuration fields

2023-06-04 15:03:59
bisicetea
www.huntr.dev
9
stored xss
configuration fields
options
mfa
api
emails

EPSS: 0.001 (Low)

Percentile: 32.8%

Description

Paste the XSS payload into the configuration fields. I think there are many configuration fields that can be vulnerable to Stored XSS, such as the configuration fields in Options, MFA, API, Emails,… I hope you check them too.

Proof of Concept

https://drive.google.com/file/d/1RDoq3qFFiWsIPltiAFlum5V0wYfZ41FN/view

Acknowledge

Tran Van Nhan from bl4ckh0l3 of GalaxyOne
