Vulnerabilities > Teampass > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-27 | CVE-2017-15053 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. | 4.0 |
| 2017-11-27 | CVE-2017-15052 | Improper Privilege Management vulnerability in Teampass TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. | 4.0 |
| 2017-04-12 | CVE-2015-7563 | Cross-Site Request Forgery (CSRF) vulnerability in Teampass Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | 6.8 |
| 2017-04-12 | CVE-2015-7562 | Cross-site Scripting vulnerability in Teampass Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. | 4.3 |
| 2014-08-07 | CVE-2014-3774 | Cross-Site Scripting vulnerability in Teampass Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element. | 4.3 |
| 2012-04-22 | CVE-2012-2234 | Cross-Site Scripting vulnerability in Teampass Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action. | 4.3 |