Vulnerabilities > Teampass > High

DATE CVE VULNERABILITY TITLE RISK
2023-07-08 CVE-2023-3551 Code Injection vulnerability in Teampass
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
network
low complexity
teampass CWE-94
7.2
7.2
2023-07-08 CVE-2023-3553 Information Exposure vulnerability in Teampass
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
network
low complexity
teampass CWE-200
7.5
7.5
2023-06-03 CVE-2023-3084 Cross-site Scripting vulnerability in Teampass
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
network
low complexity
teampass CWE-79
8.1
8.1
2023-06-03 CVE-2023-3083 Cross-site Scripting vulnerability in Teampass
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
network
low complexity
teampass CWE-79
8.7
8.7
2023-05-24 CVE-2023-2859 Code Injection vulnerability in Teampass
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
network
low complexity
teampass CWE-94
8.8
8.8
2023-03-21 CVE-2023-1545 SQL Injection vulnerability in Teampass
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
network
low complexity
teampass CWE-89
7.5
7.5
2023-02-27 CVE-2023-1070 External Control of File Name or Path vulnerability in Teampass
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
network
low complexity
teampass CWE-73
7.1
7.1
2017-06-05 CVE-2017-9436 SQL Injection vulnerability in Teampass
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.
network
low complexity
teampass CWE-89
7.5
7.5
2017-04-12 CVE-2015-7564 SQL Injection vulnerability in Teampass
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
network
low complexity
teampass CWE-89
7.5
7.5
2014-08-07 CVE-2014-3773 SQL Injection vulnerability in Teampass
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.
network
low complexity
teampass CWE-89
7.5
7.5