Filtered by vendor Teampass
Subscriptions
Filtered by product Teampass
Subscriptions
Total
45 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-3083 | 1 Teampass | 1 Teampass | 2025-02-12 | 8.7 High |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-2021 | 1 Teampass | 1 Teampass | 2025-02-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. | ||||
| CVE-2023-2591 | 1 Teampass | 1 Teampass | 2025-01-28 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | ||||
| CVE-2023-3009 | 1 Teampass | 1 Teampass | 2025-01-10 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3086 | 1 Teampass | 1 Teampass | 2025-01-08 | 9.0 Critical |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3095 | 1 Teampass | 1 Teampass | 2025-01-08 | 6.5 Medium |
| Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3084 | 1 Teampass | 1 Teampass | 2025-01-08 | 8.1 High |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3190 | 1 Teampass | 1 Teampass | 2025-01-06 | 4.6 Medium |
| Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3191 | 1 Teampass | 1 Teampass | 2025-01-06 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. | ||||
| CVE-2023-3565 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2023-3553 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2023-3552 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2023-3551 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.2 High |
| Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2023-3531 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10. | ||||
| CVE-2022-26980 | 1 Teampass | 1 Teampass | 2024-11-21 | 6.1 Medium |
| Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. | ||||
| CVE-2020-12479 | 1 Teampass | 1 Teampass | 2024-11-21 | 8.8 High |
| TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | ||||
| CVE-2020-12478 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.5 High |
| TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. | ||||
| CVE-2020-12477 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.5 High |
| The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | ||||
| CVE-2020-11671 | 1 Teampass | 1 Teampass | 2024-11-21 | 8.1 High |
| Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. | ||||
| CVE-2019-17205 | 1 Teampass | 1 Teampass | 2024-11-21 | 6.1 Medium |
| TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | ||||