UBUNTU-CVE-2024-23076

DISPUTED JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /labels/BubbleXYItemLabelGenerator.java. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may...

Exploit for Cross-site Scripting in Teampass

CVE-2023-2591: Stored HTML Injection in Item Label in Teampass...

Stored HTML Injection in Item Label

Description If two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. Proof of Concept...

Cross-site Scripting (XSS)

Overview nilsteampassnet/teampass is a password manager. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the label value of an item or name of a role. Details Cross-site scripting or XSS is a code vulnerability that occurs when an attacker “injects” a malicious...

CVE-2015-7562

Multiple cross-site scripting XSS vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 label value of an item or 2 name of a role...