Lucene search

Veracode Vulnerability DatabaseVERACODE:41555

HistoryJul 23, 2023 - 8:36 p.m.

Cross-Site Scripting (XSS)

2023-07-2320:36:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

teampass

vulnerability

user input

malicious code

front end

attack

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

54.1%

JSON

nilsteampassnet/teampass is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly escape the user input before it outputs to the front end, allowing an attacker to inject malicious code as rename payload for the folder of a victim.

CPENameOperatorVersion
nilsteampassnet/teampassle3.0.0.11
nilsteampassnet/teampassle3.0.0.11

CPE	Name	Operator	Version
	nilsteampassnet/teampass	le	3.0.0.11
	nilsteampassnet/teampass	le	3.0.0.11

References

github.com/advisories/GHSA-8vm8-38pc-8xhh

github.com/nilsteampassnet/teampass/commit/61b9b7d4e33bbaad2cd61a7ee988f9c22298bf1a

huntr.dev/bounties/4b86b56b-c51b-4be8-8ee4-6e385d1e9e8a/

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for VERACODE:41555