Vulnerabilities > Teampass > Teampass > 2.1.27.36
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-04-29 | CVE-2020-12479 | Path Traversal vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | 6.5 |
| 2020-04-29 | CVE-2020-12478 | Injection vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. | 5.0 |
| 2020-04-29 | CVE-2020-12477 | Information Exposure vulnerability in Teampass 2.1.27.36 The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | 5.0 |
| 2019-10-05 | CVE-2019-17205 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. | 4.3 |
| 2019-10-05 | CVE-2019-17204 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | 3.5 |
| 2019-10-05 | CVE-2019-17203 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | 3.5 |
| 2019-09-26 | CVE-2019-16904 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. | 3.5 |