56 matches found
EUVD-2023-0940
Malicious code in bioql PyPI...
EUVD-2023-1853
Malicious code in bioql PyPI...
EUVD-2023-1772
Malicious code in bioql PyPI...
EUVD-2023-0816
Malicious code in bioql PyPI...
EUVD-2023-1962
Malicious code in bioql PyPI...
CVE-2023-2859
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-3190
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9...
CVE-2023-1545
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...
CVE-2023-1463
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23...
CVE-2023-2516
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper access control. The vulnerability is due to the application failing to properly validate whether a folder belongs to the user's allowed folders list defined by an admin, allowing an attacker to bypass access restrictions and access unauthorized...
Improper Access Control
nilsteampassnet/teampass is vulnerable to Improper Access Control. A remote authenticated attacker is able to gain access to read the information of other users via guessing and editing the ID on the request, resulting in disclosure of sensitive information...
CVE-2023-3565
Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10...
CVE-2023-3565
CVE-2023-3565 corresponds to a Cross-site Scripting (XSS) vulnerability in TeamPass (nilsteampassnet/teampass) prior to version 3.0.10. Multiple connected records confirm the issue as a generic XSS condition in the GitHub repo, with remediation guidance to upgrade to 3.0.10 or newer. Some sources...
CVE-2023-3552
The CVE-2023-3552 entry concerns TeamPass (nilsteampassnet/teampass) prior to version 3.0.10, where improper encoding or escaping of output enables cross-site scripting in folder names. The root cause is insufficient encoding/escaping of outputs, allowing injection of malicious content into the i...
CVE-2023-3551
CVE-2023-3551 applies to nilsteampassnet/teampass prior to 3.0.10, where a lack of input restrictions allows code injected into tp.config.php to be executed (Remote Code Execution). Documented impact is high/critical with network-based access and no required user interaction. Remediation is to up...
CVE-2023-3531 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10...
CVE-2023-3531
CVE-2023-3531: Cross-site Scripting (XSS) in nilsteampassnet/teampass prior to 3.0.10. The vulnerability is described as a stored XSS on the Search page, resulting from insufficient input sanitization in the pages/item component. Exploitation details are not consistently provided across documents...