PT-2023-2987 · Teampass · Teampass

Published 2023-05-31 · Updated 2023-06-06 · CVE-2023-3009

CVSS v2.0: 9.4 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Teampass, versions prior to 3.0.9
Description: Stored cross-site scripting (XSS) in the Teampass GitHub repository. User-supplied content is written back into the page without sufficient output encoding, so a remote attacker who can create or edit a shared folder can store a script payload in it. Because the payload is persisted server-side, it is executed in the browser of every other user who has access to that folder and opens it, with that user's authenticated session.
Recommendations: For versions prior to 3.0.9, update to version 3.0.9 or later. Until the update is applied, restrict who can create, edit and access shared folders to minimize the risk of exploitation, or avoid using shared folders altogether.
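The stored XSS pattern described above, as an added example that is not Teampass code and does not reproduce the project's actual vulnerable code path: a server-side template that writes a stored folder label into HTML verbatim, beside a hardened version that encodes every untrusted value for the context it lands in, plus a small check that reports which stored labels still reach the page as raw markup. The function names, the sample folder records and the payload are constructed for illustration.

```javascript
// Added illustration of a stored-XSS sink and its fix. Not Teampass code;
// function names, sample folders and the payload are constructed.

// Minimal HTML entity encoder for the HTML element and quoted-attribute contexts.
// '&' is encoded first so the entities produced by later steps are not re-encoded.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Constructed sample of folder records as they might sit in the database after an
// attacker has saved a malicious label. The payload fires for anyone who renders it.
const STORED_FOLDERS = [
  { id: 1, label: "Finance" },
  { id: 2, label: "R&D <internal>" },
  { id: 3, label: '<img src=x onerror="alert(document.cookie)">' },
];

// VULNERABLE: the label is concatenated into markup unchanged. The victim's browser
// parses the attacker's <img> tag and runs its onerror handler in the victim's session.
function renderFolderListVulnerable(folders) {
  return (
    "<ul>" +
    folders.map((f) => `<li data-id="${f.id}">${f.label}</li>`).join("") +
    "</ul>"
  );
}

// HARDENED: every untrusted value is entity-encoded before it is placed in the
// document, so the payload is displayed as text instead of being parsed as markup.
function renderFolderListSafe(folders) {
  return (
    "<ul>" +
    folders
      .map((f) => `<li data-id="${escapeHtml(f.id)}">${escapeHtml(f.label)}</li>`)
      .join("") +
    "</ul>"
  );
}

// Review check: returns the ids of folders whose label contains markup characters
// and still appears verbatim in the rendered HTML, i.e. reached the page unencoded.
function findUnescapedMarkup(html, folders) {
  return folders
    .filter((f) => /[<>"']/.test(f.label) && html.includes(f.label))
    .map((f) => f.id);
}

// Stand-alone demonstration.
const vulnerableHtml = renderFolderListVulnerable(STORED_FOLDERS);
const safeHtml = renderFolderListSafe(STORED_FOLDERS);
console.log("vulnerable:", vulnerableHtml);
console.log("unescaped folder ids (vulnerable):", findUnescapedMarkup(vulnerableHtml, STORED_FOLDERS));
console.log("hardened:  ", safeHtml);
console.log("unescaped folder ids (hardened):", findUnescapedMarkup(safeHtml, STORED_FOLDERS));
```

The check is deliberately crude (it only catches labels that survive byte-for-byte), but it is the kind of quick triage a reviewer can run against a rendered page while deciding whether the 3.0.9 update or the shared-folder workaround is needed. Output encoding at the sink is the fix; a Content-Security-Policy that forbids inline scripts would limit the blast radius but does not remove the defect.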

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers

BDU:2023-03011
CVE-2023-3009
GHSA-H5G9-2P35-54C7

Affected Products

Teampass