PT-2019-15000 · Teampass · Teampass

Lebiko

Published

2019-10-05

Updated

2022-05-24

CVE-2019-17205

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TeamPass version 2.1.27.36

Description The issue allows for Stored XSS by placing a payload in the username field during a login attempt. When an administrator views the log of failed logins, the XSS payload will be executed.

Recommendations For TeamPass version 2.1.27.36, avoid using the username field in login attempts until the issue is resolved. As a temporary workaround, consider restricting access to the login log to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-17205

GHSA-V969-5V7F-PMG2

Affected Products

Teampass

PT-2019-15000 · Teampass · Teampass

CVE-2019-17205

Weakness Enumeration

Related Identifiers

Affected Products

References · 6