An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
References
Link | Resource |
---|---|
https://github.com/nilsteampassnet/TeamPass/releases | Release Notes Third Party Advisory |
https://github.com/nilsteampassnet/TeamPass/issues/2638 | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-08-06 10:15
Updated : 2019-08-14 07:46
NVD link : CVE-2019-12950
Mitre link : CVE-2019-12950
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
teampass
- teampass