Lucene search: Syspass

7 matches found

CVE
added 2025/02/28 12:0 a.m., 102 views

CVE-2025-25478

The CVE-2025-25478 issue affects Syspass 3.2.x and stems from the account file upload feature mishandling special characters in filenames. This mismanagement can disclose the web application’s source code and sensitive data (e.g., database password). Multiple sources corroborate the vulnerability...

CVSS 6.5 | AI score 6.7 | EPSS 0.00077

CVE
added 2024/09/03 12:0 a.m., 83 views

CVE-2024-42904

CVE-2024-42904 affects SysPass 3.2.x. A cross-site scripting (XSS) vulnerability exists where attackers can inject arbitrary web scripts/HTML via the name parameter at /Controllers/ClientController.php. Reports from Red Hat, NVD, OSV, CNNVD and CVE/CVE-list entries confirm the same issue. The ava...

CVSS 6.1 | AI score 5.9 | EPSS 0.00196
Web

CVE
added 2025/02/28 12:0 a.m., 72 views

CVE-2025-25476

CVE-2025-25476 describes a stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x. A malicious user with elevated privileges can execute arbitrary JavaScript by injecting a payload into the notification type or notification component. The affected software/version is SysPass 3.2.x; the ...

CVSS 5.4 | AI score 5.5 | EPSS 0.00107

CVE
added 2025/02/27 12:0 a.m., 64 views

CVE-2025-25477

The CVE-2025-25477 entry concerns SysPass 3.2.x, where a host header injection flaw allows loading malicious JavaScript from an arbitrary domain that would execute in a victim’s browser. The root cause is host header injection in SysPass; impact is demonstrated as high confidentiality and integri...

CVSS 8.1 | AI score 6.9 | EPSS 0.00122

CVE
added 2023/03/06 3:31 p.m., 57 views

CVE-2022-4930

The CVE-2022-4930 entry concerns nuxsmin sysPass (up to version 3.2.4). The vulnerability is an XSS in the URL Handler that can be exploited remotely. The issue is tied to an unknown functionality, with manipulation leading to cross-site scripting. A fix is available in version 3.2.5, and the pat...

CVSS 5.4 | AI score 4.4 | EPSS 0.00167

CVE
added 2017/03/06 6:11 a.m., 45 views

CVE-2017-5999

The vulnerability CVE-2017-5999 affects sysPass 2.x before 2.1. The root cause is a cryptographic implementation using MCRYPT_RIJNDAEL_256() (256-bit block version) instead of MCRYPT_RIJNDAEL_128 (AES). This could allow an attacker to cause unknown havoc on the remote system. The connected source...

CVSS 7.5 | AI score 7.4 | EPSS 0.00317

CVE
added 2017/05/31 3:54 a.m., 32 views

CVE-2017-9306

The vulnerability described across multiple sources affects sysPass 2.1.9, specifically the file inc/SP/Html/Html.class.php. It enables remote attackers to bypass the XSS filter by manipulating an SVG onload payload (demonstrated with a "<svg/onload=" substring in place of a proper "<svg on...

CVSS 6.1 | AI score 6 | EPSS 0.00659
Web