Vulnerabilities > Teampass > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-17 CVE-2023-1463 Unspecified vulnerability in Teampass
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
network
low complexity
teampass
5.4
5.4
2022-03-28 CVE-2022-26980 Cross-site Scripting vulnerability in Teampass 2.1.26
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
network
low complexity
teampass CWE-79
6.1
6.1
2019-10-05 CVE-2019-17205 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt.
network
low complexity
teampass CWE-79
6.1
6.1
2019-10-05 CVE-2019-17204 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
network
low complexity
teampass CWE-79
5.4
5.4
2019-10-05 CVE-2019-17203 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
network
low complexity
teampass CWE-79
5.4
5.4
2019-09-26 CVE-2019-16904 Cross-site Scripting vulnerability in Teampass 2.1.27.36
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin.
network
low complexity
teampass CWE-79
5.4
5.4
2019-08-06 CVE-2019-12950 Cross-site Scripting vulnerability in Teampass 2.1.27.35
An issue was discovered in TeamPass 2.1.27.35.
network
low complexity
teampass CWE-79
5.4
5.4
2017-11-27 CVE-2017-15053 Improper Privilege Management vulnerability in Teampass
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php.
network
low complexity
teampass CWE-269
4.9
4.9
2017-11-27 CVE-2017-15052 Improper Privilege Management vulnerability in Teampass
TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php.
network
low complexity
teampass CWE-269
4.9
4.9
2017-11-27 CVE-2017-15051 Cross-site Scripting vulnerability in Teampass
Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history.
network
low complexity
teampass CWE-79
5.4
5.4