CVE-2019-16904

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
References
Link Resource
https://github.com/nilsteampassnet/TeamPass/issues/2685 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*

Information

Published : 2019-09-26 05:15

Updated : 2019-09-27 06:15


NVD link : CVE-2019-16904

Mitre link : CVE-2019-16904


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

teampass

  • teampass