546 matches found
TeamPass 2.1.27.36 - Improper Authentication
TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-12478 info...
CVE-2026-3107
Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...
CVE-2026-3106
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...
EUVD-2026-17347
Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...
CVE-2026-3107
Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...
CVE-2026-3106
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...
CVE-2026-3107
Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...
CVE-2026-3107 Multiple vulnerabilities in Teampass
Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...
CVE-2026-3107
CVE-2026-3107 concerns a Stored XSS in Teampass prior to 3.1.5.16, impacting the password import endpoint redacted/index.php?page=items. The issue arises from failure to sanitize/encode user input during import, allowing a JavaScript payload to be persistently stored in the database. When other u...
CVE-2026-3107 Multiple vulnerabilities in Teampass
Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...
CVE-2026-3106
CVE-2026-3106 describes a Blind Cross-Site Scripting (XSS) vulnerability in Teampass, affecting versions prior to 3.1.5.16. The issue resides in the password manager login flow, specifically the login form parameter labeled ‘contraseña’ in the redacted/index.php page. During failed authentication...
CVE-2026-3106 Multiple vulnerabilities in Teampass
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...
EUVD-2026-17345
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...
CVE-2026-3106
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...
CVE-2026-3106 Multiple vulnerabilities in Teampass
Blind Cross-Site Scripting XSS in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information...
PT-2026-29212
Name of the Vulnerable Software and Affected Versions Teampass versions prior to 3.1.5.16 Description The application does not properly clean or encode user-provided information during failed authentication attempts. Specifically, the contraseña parameter within the login form at...
PT-2026-29213
Stored Cross-Site Scripting XSS in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode user-input data during the import process, allowing malicio...
TeamPass 跨站脚本漏洞
TeamPass is an open-source password manager developed by Nils Laumaillé. Versions of TeamPass prior to 3.1.5.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from the password import function not properly cleaning and encoding user input data, which could lead to...
TeamPass 跨站脚本漏洞
TeamPass is an open-source password manager developed by Nils Laumaillé. Versions of TeamPass prior to 3.1.5.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning or encoding of user input in the “contraseña” parameter of the login form, which could...
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...