Title: TeamPass v2.1.5 (users.queries.php) Persistent Cross-Site Scripting (XSS)
Type: Remote
Severity: Medium
Impact: Direct execution of arbitrary code in the context of the Webserver user.
Release Date: 16.04.2012
CVE: CVE-2012-2234
Author: Marcos Garcia (@artsweb)
Release mode: Coordinated release

Summary
=======

TeamPass is a password manager for managing passwords collaboratively on any
server running Apache, MySQL and PHP.

Description
===========

A persistent cross-site scripting vulnerability was found in TeamPass because
the application fails to sanitize user-supplied input. The vulnerability can
be triggered by any user.


Vendor
======

TeamPass - http://www.teampass.net/


Affected Version
================

2.1.5

PoC
===

Attack: login=[XSS] (POST)

POST /TeamPass/sources/users.queries.php HTTP/1.1
type=add_new_user&login=[XSS]&pw=testing2&email=test&admin=false&manager=true&read_only=false&personal_folder=false&new_folder_role_domain=false&domain=test&key=key


Solution
========

Upgrade to TeamPass v2.1.6 (http://www.teampass.net/download/)
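For readers maintaining their own PHP applications, the following is an added example (not TeamPass code and not the vendor's fix) of the two controls that close a stored XSS of this kind in an add_new_user handler: reject logins containing markup on input, and HTML-encode every stored value on output. Field names follow the PoC; the `users` table, its columns and the PDO connection are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not from TeamPass. Table/column names and the DSN are assumptions.

/**
 * Input validation: accept only a conservative character set for the login,
 * so characters such as < > " ' can never be stored as a user name.
 * Returns the trimmed login, or null if it must be rejected.
 */
function validate_login(string $login): ?string
{
    $login = trim($login);
    if ($login === '' || strlen($login) > 64) {
        return null;
    }
    // Letters, digits, dot, underscore, hyphen and @ (for e-mail style logins)
    if (preg_match('/^[A-Za-z0-9._@-]+$/', $login) !== 1) {
        return null;
    }
    return $login;
}

/**
 * Output encoding: escape a stored value for the HTML body or attribute context,
 * so anything that slipped past validation is displayed as text, not parsed as markup.
 */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Handle type=add_new_user: validate, store with a prepared statement, echo escaped. */
function add_new_user(PDO $db, array $post): void
{
    $login = validate_login($post['login'] ?? '');
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($login === null || $email === false) {
        http_response_code(400);
        echo 'Invalid login or e-mail';
        return;
    }
    $stmt = $db->prepare('INSERT INTO users (login, email) VALUES (:login, :email)');
    $stmt->execute([':login' => $login, ':email' => $email]);
    // The new row is rendered with the value encoded for its HTML context
    echo '<tr><td>' . html($login) . '</td><td>' . html($email) . '</td></tr>';
}

if (PHP_SAPI !== 'cli' && ($_POST['type'] ?? '') === 'add_new_user') {
    add_new_user(new PDO('mysql:host=localhost;dbname=teampass', 'app', 'secret'), $_POST);
}
```

Validation alone is not sufficient, because existing rows and other write paths may already hold markup; encoding at every output point is the control that removes the injection regardless of how the value got into the database.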