Lucene search

Veracode Vulnerability DatabaseVERACODE:41520

HistoryJul 23, 2023 - 8:11 a.m.

Cross-site Scripting (XSS)

2023-07-2308:11:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

teampass

vulnerability

javascript injection

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

40.8%

JSON

nilsteampassnet/teampass is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the name and lastname fields are not properly sanitized in the users.js.php, which allows an attacker to inject and execute malicious javascript.

CPENameOperatorVersion
nilsteampassnet/teampassle3.0.0.11
nilsteampassnet/teampassle3.0.0.11

CPE	Name	Operator	Version
	nilsteampassnet/teampass	le	3.0.0.11
	nilsteampassnet/teampass	le	3.0.0.11

References

github.com/advisories/GHSA-c6fv-3jm9-6r8f

github.com/nilsteampassnet/teampass/commit/79731553fa305d45dabb7a227f3074d56d7c94c1

huntr.dev/bounties/c6b29e46-02e0-43ad-920f-28ac482ea2ab/

8.7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

40.8%

JSON

Related for VERACODE:41520