75 matches found

CNNVD
added 2025/02/28 12:0 a.m. · 2 views

SysPass security vulnerability

SysPass is a system password manager by RubénD Personal Developer. A security vulnerability exists in SysPass version 3.2.x. The vulnerability stems from the file upload feature not handling special characters correctly, resulting in a source code leak...

6.5 CVSS · 7.2 AI score · 0.00398 EPSS
Exploits: 1 · References: 3

CVE
added 2025/02/28 12:0 a.m. · 74 views

CVE-2025-25476

CVE-2025-25476 describes a stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x. A malicious user with elevated privileges can execute arbitrary JavaScript by injecting a payload into the notification type or notification component. The affected software/version is SysPass 3.2.x; the ...

5.4 CVSS · 5.5 AI score · 0.00235 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CVE
added 2025/02/28 12:0 a.m. · 109 views

CVE-2025-25478

The CVE-2025-25478 issue affects Syspass 3.2.x and stems from the account file upload feature mishandling special characters in filenames. This mismanagement can disclose the web application’s source code and sensitive data (e.g., database password). Multiple sources corroborate the vulnerability...

6.5 CVSS · 6.7 AI score · 0.00398 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

CNNVD
added 2025/02/28 12:0 a.m. · 5 views

sysPass injection vulnerability

SysPass is a system password manager by RubénD Individual Developers. An injection vulnerability exists in sysPass version 3.2x, which stems from host header injection and could lead to the execution of malicious JS files...

8.1 CVSS · 7.2 AI score · 0.00388 EPSS
Exploits: 1 · References: 2

CNNVD
added 2025/02/28 12:0 a.m. · 4 views

SysPass cross-site scripting vulnerability

SysPass is a system password manager by RubénD Individual Developers. A security vulnerability exists in SysPass 3.2.x. An attacker can exploit the vulnerability to execute arbitrary Javascript code...

5.4 CVSS · 7.4 AI score · 0.00235 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2025/02/28 12:0 a.m. · 4 views

PT-2025-9139 · Syspass · Syspass

Name of the Vulnerable Software and Affected Versions: SysPass versions 3.2.x Description: A stored cross-site scripting XSS vulnerability allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or...

5.4 CVSS · 5.2 AI score · 0.00235 EPSS
Exploits: 1 · References: 9

Positive Technologies
added 2025/02/28 12:0 a.m. · 3 views

PT-2025-9140 · Syspass · Syspass

Name of the Vulnerable Software and Affected Versions: Syspass versions 3.2.x Description: The account file upload functionality in Syspass fails to properly handle special characters in filenames, leading to the disclosure of the web application's source code and exposing sensitive information...

6.5 CVSS · 6.2 AI score · 0.00398 EPSS
Exploits: 1 · References: 9

Cvelist
added 2025/02/28 12:0 a.m. · 9 views

CVE-2025-25476

A stored cross-site scripting XSS vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component...

0.00235 EPSS
Exploits: 1 · References: 1

Cvelist
added 2025/02/28 12:0 a.m. · 10 views

CVE-2025-25478

The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password...

0.00398 EPSS
Exploits: 1 · References: 1

Cvelist
added 2025/02/27 12:0 a.m. · 10 views

CVE-2025-25477

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...

0.00388 EPSS
Exploits: 1 · References: 1

Vulnrichment
added 2025/02/27 12:0 a.m. · 6 views

CVE-2025-25477

A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser...

8.1 AI score · 0.00388 EPSS
Exploits: 1 · References: 1

CVE
added 2025/02/27 12:0 a.m. · 66 views

CVE-2025-25477

The CVE-2025-25477 entry concerns SysPass 3.2.x, where a host header injection flaw allows loading malicious JavaScript from an arbitrary domain that would execute in a victim’s browser. The root cause is host header injection in SysPass; impact is demonstrated as high confidentiality and integri...

8.1 CVSS · 6.9 AI score · 0.00388 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/02/27 12:0 a.m. · 5 views

PT-2025-9042 · Syspass · Syspass

Name of the Vulnerable Software and Affected Versions: SysPass versions 3.2.x Description: A host header injection vulnerability in SysPass allows an attacker to load malicious JS files from an arbitrary domain, which would be executed in the victim's browser. Recommendations: For SysPass version...

8.1 CVSS · 6.4 AI score · 0.00388 EPSS
Exploits: 1 · References: 11

OSV
added 2024/09/03 6:15 p.m. · 13 views

CVE-2024-42904

A cross-site scripting XSS vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

6.1 CVSS · 5.7 AI score · 0.00315 EPSS
Exploits: 0 · References: 3

NVD
added 2024/09/03 6:15 p.m. · 22 views

CVE-2024-42904

A cross-site scripting XSS vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

6.1 CVSS · 0.00315 EPSS
Exploits: 0 · References: 3

CNNVD
added 2024/09/03 12:0 a.m. · 3 views

sysPass security vulnerability

sysPass is a system password manager by RubénD Personal Developer. A security vulnerability exists in sysPass version 3.2.x, which stems from vulnerability to cross-site scripting attacks. An attacker can exploit the vulnerability to execute arbitrary web script or HTML by injecting a specially...

6.1 CVSS · 6.1 AI score · 0.00315 EPSS
Exploits: 0 · References: 4

Vulnrichment
added 2024/09/03 12:0 a.m. · 11 views

CVE-2024-42904

A cross-site scripting XSS vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

5.8 AI score · 0.00315 EPSS
Exploits: 0 · References: 3

Cvelist
added 2024/09/03 12:0 a.m. · 17 views

CVE-2024-42904

A cross-site scripting XSS vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php...

0.00315 EPSS
Exploits: 0 · References: 3

CVE
added 2024/09/03 12:0 a.m. · 84 views

CVE-2024-42904

CVE-2024-42904 affects SysPass 3.2.x. A cross-site scripting (XSS) vulnerability exists where attackers can inject arbitrary web scripts/HTML via the name parameter at /Controllers/ClientController.php. Reports from Red Hat, NVD, OSV, CNNVD and CVE/CVE-list entries confirm the same issue. The ava...

6.1 CVSS · 5.9 AI score · 0.00315 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2023/03/06 4:15 p.m. · 12 views

CVE-2022-4930

A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to...

5.4 CVSS · 4.3 AI score · 0.00522 EPSS
Exploits: 0 · References: 5