RSS   Podatności dla 'Teampass'   RSS

2022-03-28
 
CVE-2022-26980

CWE-79
 

 
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.

 
2020-05-04
 
CVE-2020-11671

CWE-269
 

 
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.

 
2020-04-29
 
CVE-2020-12479

CWE-22
 

 
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.

 
 
CVE-2020-12478

CWE-74
 

 
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.

 
 
CVE-2020-12477

CWE-200
 

 
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.

 
2019-10-05
 
CVE-2019-17205

CWE-79
 

 
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.

 
 
CVE-2019-17204

CWE-79
 

 
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.

 
 
CVE-2019-17203

CWE-79
 

 
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.

 
2019-09-26
 
CVE-2019-16904

CWE-79
 

 
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)

 
2019-08-06
 
CVE-2019-12950

CWE-79
 

 
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.

 


Copyright 2024, cxsecurity.com

 

Back to Top