Teampass · Teampass · CVE-2022-26980
**Name of the Vulnerable Software and Affected Versions**
Teampass version 2.1.26
**Description**
The issue allows for reflected XSS via the "index.php" PATH INFO. This can be exploited when someone opens a link to the Teampass Password Manager index page that contains a malicious payload.
**Recommendations**
For Teampass version 2.1.26, consider disabling access to the index.php file until a patch is available. As a temporary workaround, restrict users from opening links with potentially malicious payloads to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.