Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-07-10
Updated
2023-07-19
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
Max CVSS
7.5
EPSS Score
0.08%
Published
2023-07-08
Updated
2023-07-14
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
Max CVSS
7.6
EPSS Score
0.05%
Published
2023-07-08
Updated
2023-07-14
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
Max CVSS
9.1
EPSS Score
0.05%
Published
2023-07-08
Updated
2023-07-14
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
Max CVSS
8.1
EPSS Score
0.05%
Published
2023-07-06
Updated
2023-07-11
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
8.1
EPSS Score
0.05%
Published
2023-06-10
Updated
2023-06-15
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
4.6
EPSS Score
0.05%
Published
2023-06-10
Updated
2023-06-15
Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-04
Updated
2023-06-09
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
9.0
EPSS Score
0.05%
Published
2023-06-03
Updated
2023-06-09
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
8.1
EPSS Score
0.09%
Published
2023-06-03
Updated
2023-06-09
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
8.7
EPSS Score
0.05%
Published
2023-06-03
Updated
2023-06-09
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
8.1
EPSS Score
0.05%
Published
2023-05-31
Updated
2023-06-06
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.
Max CVSS
8.8
EPSS Score
0.10%
Published
2023-05-24
Updated
2023-05-30
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
Max CVSS
7.1
EPSS Score
0.07%
Published
2023-05-09
Updated
2023-05-15
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
Max CVSS
5.4
EPSS Score
0.05%
Published
2023-05-05
Updated
2023-05-10
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.
Max CVSS
5.8
EPSS Score
0.06%
Published
2023-04-13
Updated
2023-04-21
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
Max CVSS
7.5
EPSS Score
0.12%
Published
2023-03-21
Updated
2023-03-24
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.
Max CVSS
6.3
EPSS Score
0.08%
Published
2023-03-17
Updated
2023-04-26
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.
Max CVSS
7.1
EPSS Score
0.07%
Published
2023-02-27
Updated
2023-03-07
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.
Max CVSS
6.1
EPSS Score
0.07%
Published
2022-03-28
Updated
2022-04-04
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
Max CVSS
8.8
EPSS Score
0.08%
Published
2020-04-29
Updated
2020-05-01
TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
Max CVSS
7.5
EPSS Score
1.50%
Published
2020-04-29
Updated
2021-07-21
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
Max CVSS
7.5
EPSS Score
0.41%
Published
2020-04-29
Updated
2021-07-21
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
Max CVSS
8.1
EPSS Score
0.08%
Published
2020-05-04
Updated
2021-07-21
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords being recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.
Max CVSS
9.8
EPSS Score
0.22%
Published
2019-02-04
Updated
2020-08-24
45 vulnerabilities found