Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
References
Link | Resource |
---|---|
https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9 | Release Notes Third Party Advisory |
https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b | Patch Third Party Advisory |
https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md | Release Notes Third Party Advisory |
Configurations
Information
Published : 2017-10-12 01:29
Updated : 2017-10-26 08:34
NVD link : CVE-2017-15278
Mitre link : CVE-2017-15278
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
teampass
- teampass