Vulnerabilities > Teampass

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2023-05-09 | CVE-2023-2591 | Cross-site Scripting vulnerability in Teampass | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | network, low complexity | teampass | CWE-79 | 5.4 |
| 2023-05-05 | CVE-2023-2516 | Cross-site Scripting vulnerability in Teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | network, low complexity | teampass | CWE-79 | 5.4 |
| 2023-04-13 | CVE-2023-2021 | Cross-site Scripting vulnerability in Teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. | network, low complexity | teampass | CWE-79 | 5.4 |
| 2023-03-21 | CVE-2023-1545 | SQL Injection vulnerability in Teampass | SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | network, low complexity | teampass | CWE-89 | 7.5 |
| 2023-03-17 | CVE-2023-1463 | Authorization Bypass Through User-Controlled Key vulnerability in Teampass | Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | network, low complexity | teampass | CWE-639 | 5.4 |
| 2023-02-27 | CVE-2023-1070 | External Control of File Name or Path vulnerability in Teampass | External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. | network, low complexity | teampass | CWE-73 | 7.1 |
| 2022-03-28 | CVE-2022-26980 | Cross-site Scripting vulnerability in Teampass 2.1.26 | Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. | network | teampass | CWE-79 | 4.3 |
| 2020-05-04 | CVE-2020-11671 | Improper Privilege Management vulnerability in Teampass | Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. | network | teampass | CWE-269 | 5.8 |
| 2020-04-29 | CVE-2020-12479 | Path Traversal vulnerability in Teampass 2.1.27.36 | TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | network, low complexity | teampass | CWE-22 | 6.5 |
| 2020-04-29 | CVE-2020-12478 | Injection vulnerability in Teampass 2.1.27.36 | TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. | network, low complexity | teampass | CWE-74 | 5.0 |