Bruno Caseiro

**Name of the Vulnerable Software and Affected Versions** TeamPasswordManager versions prior to 12.162.284 **Description** A Cross Site Scripting (XSS) issue exists that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user. This is achieved by including a malicious payload into the `name` parameter when creating a new password in the "My Passwords" page. **Recommendations** For versions prior to 12.162.284, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the `name` parameter in the "My Passwords" page to minimize the risk of arbitrary JavaScript execution.