PT-2019-14856 · Teampass · Teampass

Lebiko · Published 2019-09-26 · Updated 2022-05-24 · CVE-2019-16904

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

TeamPass version 2.1.27.36

Description

The issue allows stored XSS when a crafted password is set for an item in a commonly available folder or when the item is shared with an admin. The crafted password is exploitable when a user views the change history of the item or taps on the item. This can also occur when an item is shared with an admin and the crafted password is viewed in the change history or in the previously used password field.

Recommendations

For TeamPass version 2.1.27.36, as a temporary workaround, consider restricting the ability to set crafted passwords for items in commonly available folders or items shared with admins until a patch is available. Avoid using the password field in a way that could introduce malicious code, especially when sharing items with admins or viewing change histories.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2019-16904
GHSA-RPMR-FWH5-24FM

Affected Products

Teampass