CVE-2022-26980

Name of the Vulnerable Software and Affected Versions Teampass version 2.1.26

Description The issue allows for reflected XSS via the "index.php" PATH INFO. This can be exploited when someone opens a link to the Teampass Password Manager index page that contains a malicious payload.

Recommendations For Teampass version 2.1.26, consider disabling access to the index.php file until a patch is available. As a temporary workaround, restrict users from opening links with potentially malicious payloads to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.