Skip to main content

Teampass

48 CVEs product

Monthly

CVE-2024-50703 PHP HIGH PATCH This Week

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-50702 PHP MEDIUM PATCH This Month

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-50701 PHP MEDIUM PATCH This Month

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3565 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3553 PHP HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3552 PHP MEDIUM POC PATCH This Month

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3551 PHP HIGH POC PATCH This Week

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Teampass
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-3531 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3191 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3190 PHP MEDIUM POC PATCH This Month

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-3095 PHP MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3086 PHP CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-3084 PHP HIGH POC PATCH This Week

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-3083 PHP HIGH POC PATCH This Week

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
8.7
EPSS
0.7%
CVE-2023-3009 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-2859 PHP HIGH POC PATCH This Week

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Teampass
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-2591 PHP MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2516 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2021 PHP MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1545 PHP HIGH POC PATCH This Week

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Teampass
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
8.4%
CVE-2023-1463 PHP MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1070 PHP HIGH POC PATCH This Week

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2022-26980 PHP MEDIUM POC PATCH This Month

Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Teampass
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2020-11671 PHP HIGH POC This Week

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Teampass
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2020-12479 PHP HIGH POC This Week

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Teampass
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2020-12478 PHP HIGH POC This Week

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
7.5
EPSS
8.6%
CVE-2020-12477 PHP HIGH POC This Week

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2019-17205 PHP MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2019-17204 PHP MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-17203 PHP MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-16904 PHP MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-12950 PHP MEDIUM POC This Month

An issue was discovered in TeamPass 2.1.27.35. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.8%
CVE-2019-1000001 PHP CRITICAL Act Now

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.0
9.8
EPSS
1.7%
CVE-2017-15055 PHP HIGH POC PATCH This Week

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2017-15054 PHP HIGH POC PATCH This Week

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Teampass
NVD GitHub
CVSS 3.0
7.5
EPSS
1.9%
CVE-2017-15053 PHP MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-15052 PHP MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 3.0
4.9
EPSS
0.2%
CVE-2017-15051 PHP MEDIUM POC PATCH This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.1%
CVE-2017-15278 PHP MEDIUM PATCH This Month

Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Teampass
NVD GitHub
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-9436 PHP CRITICAL PATCH Act Now

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Teampass
NVD GitHub
CVSS 3.0
9.8
EPSS
0.2%
CVE-2015-7564 PHP CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Teampass
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
2.3%
CVE-2015-7563 HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Teampass
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2015-7562 PHP MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub Exploit-DB
CVSS 3.0
6.1
EPSS
1.0%
CVE-2014-3774 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Teampass
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2014-3773 HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Teampass
NVD GitHub
CVSS 2.0
7.5
EPSS
0.4%
CVE-2014-3772 HIGH POC PATCH This Week

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2014-3771 HIGH POC PATCH This Week

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
CVSS 2.0
7.5
EPSS
0.3%
CVE-2012-2234 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Teampass
NVD GitHub Exploit-DB
CVSS 2.0
4.3
EPSS
2.5%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Teampass
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Teampass
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM POC PATCH This Month

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Teampass
NVD GitHub
EPSS 1% CVSS 9.0
CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC PATCH This Week

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 8.7
HIGH POC PATCH This Week

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 8% CVSS 7.5
HIGH POC PATCH This Week

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Teampass
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Teampass
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC PATCH This Week

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Teampass
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Teampass
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Teampass
NVD GitHub
EPSS 9% CVSS 7.5
HIGH POC This Week

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teampass
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teampass
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in TeamPass 2.1.27.35. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Teampass
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL Act Now

TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teampass
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An arbitrary file upload vulnerability, present in TeamPass before 2.1.27.9, allows remote authenticated users to upload arbitrary files leading to Remote Command Execution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

PHP File Upload Teampass
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM POC PATCH This Month

TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting users.queries.php. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Teampass
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Teampass
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi PHP Teampass
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Teampass
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS PHP Teampass
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP SQLi Teampass
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP Privilege Escalation Teampass
NVD GitHub
EPSS 3% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Teampass
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy