TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.