PT-2019-14998 · Teampass · Teampass

Lebiko

Published

2019-10-05

Updated

2022-05-24

CVE-2019-17203

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TeamPass version 2.1.27.36

Description The issue allows for Stored XSS at the Search page. This occurs by setting a crafted password for an item in any folder.

Recommendations For version 2.1.27.36, consider restricting access to the Search page until a fix is available. As a temporary workaround, avoid using crafted passwords for items in any folder to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-17203

GHSA-PQX8-Q35P-PGCV

Affected Products

Teampass

PT-2019-14998 · Teampass · Teampass

CVE-2019-17203

Weakness Enumeration

Related Identifiers

Affected Products

References · 5