4 matches found
Stored XSS on item name - Bypass of (CVE-2023-2516)
Description first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert. This is the bypass of...
TeamPass < 3.0.7 Multiple Vulnerabilities
TeamPass is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:teampass:teampass"; ifdescription...
CVE-2023-2516 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
Cross-site Scripting XSS - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7...
CVE-2023-2516
Summary: CVE-2023-2516 is a stored XSS vulnerability in nilsteampassnet/teampass prior to 3.0.7. When two users have access to the same folder, creating a new item and inserting an XSS payload into the item’s name can trigger the XSS when the item is viewed by another user. This affects Teampass ...