Lucene search
Mnqazi2929FACA-5822-4636-8F04-CA5E0001361FHistoryMay 26, 2023 - 5:57 a.m.
Stored XSS on item name - Bypass of (CVE-2023-2516)
2023-05-2605:57:35
mnqazi
www.huntr.dev
5
xss
stored
vulnerability
item
name
bypass
cve-2023-2516
0.001 Low
EPSS
Percentile
23.7%
Description
first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert.
This is the bypass of CVE-2023-2516
Proof of Concept
https://drive.google.com/file/d/1tdnqjROAZOxCayaUCAjfLLwkvuQehGy1/view?usp=sharing
Related
osv
osv
CVE-2023-2516
2023-05-05 19:15:15
Cross Site Scripting in nilsteampassnet/teampass
2023-05-05 21:31:11
nilsteampassnet/teampass vulnerable to cross-site scripting
2023-05-31 15:30:18
veracode
veracode
Cross-Site Scripting (XSS)
2023-05-26 10:49:08
Cross Site Scripting (XSS)
2023-06-12 12:32:27
cve
cve
CVE-2023-3009
2023-05-31 13:15:10
CVE-2023-2516
2023-05-05 19:15:15
github
github
nilsteampassnet/teampass vulnerable to cross-site scripting
2023-05-31 15:30:18
Cross Site Scripting in nilsteampassnet/teampass
2023-05-05 21:31:11
cvelist
cvelist
huntr
huntr
Stored XSS on items in Folder
2023-04-23 22:21:31
prion
prion
Cross site scripting
2023-05-05 19:15:00
Cross site scripting
2023-05-31 13:15:00
nvd
nvd
CVE-2023-2516
2023-05-05 19:15:15
CVE-2023-3009
2023-05-31 13:15:10
openvas
openvas
TeamPass < 3.0.7 Multiple Vulnerabilities
2023-05-08 00:00:00
TeamPass < 3.0.9 Multiple Vulnerabilities
2023-05-25 00:00:00