CVE-2014-3774 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Teampass	Teampass

Configuration 1 [-]

OR	cpe:2.3:a:teampass:teampass::beta::::::*
	cpe:2.3:a:teampass:teampass:2.1:::::::*
	cpe:2.3:a:teampass:teampass:2.1.1:::::::*
	cpe:2.3:a:teampass:teampass:2.1.2:::::::*
	cpe:2.3:a:teampass:teampass:2.1.3:::::::*
	cpe:2.3:a:teampass:teampass:2.1.4:::::::*
	cpe:2.3:a:teampass:teampass:2.1.5:::::::*
	cpe:2.3:a:teampass:teampass:2.1.10:::::::*
	cpe:2.3:a:teampass:teampass:2.1.13:::::::*
	cpe:2.3:a:teampass:teampass:2.1.14:::::::*
	cpe:2.3:a:teampass:teampass:2.1.15:::::::*
	cpe:2.3:a:teampass:teampass:2.1.18:::::::*
	cpe:2.3:a:teampass:teampass:2.1.19:::::::*

No data.

References

Link	Providers
http://teampass.net/installation/2.1.20-released.html
http://www.openwall.com/lists/oss-security/2014/05/18/2
http://www.openwall.com/lists/oss-security/2014/05/19/5
https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-08-07T10:00:00

Updated: 2024-08-06T10:57:16.155Z

Reserved: 2014-05-19T00:00:00

Link: CVE-2014-3774

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-08-07T11:13:35.267

Modified: 2024-11-21T02:08:48.330

Link: CVE-2014-3774

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-26T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-08-07T07:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3774", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"name": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de", "refsource": "CONFIRM", "url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"}, {"name": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f", "refsource": "CONFIRM", "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"name": "http://teampass.net/installation/2.1.20-released.html", "refsource": "CONFIRM", "url": "http://teampass.net/installation/2.1.20-released.html"}, {"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:57:16.155Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20140518 CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"name": "[oss-security] 20140519 Re: CVE requests / advisory: TeamPass <= 2.1.19", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3774", "datePublished": "2014-08-07T10:00:00", "dateReserved": "2014-05-19T00:00:00", "dateUpdated": "2024-08-06T10:57:16.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*", "matchCriteriaId": "AB9063A6-CDBF-4EC9-8C4E-86EC28126C8C", "versionEndIncluding": "2.1.20", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4EE854BB-0E8A-4A94-8C33-6698E9663FA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "A54D3A49-EEED-4D7C-B780-AC16ECFEA3F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "3B06F757-3681-466C-BE9C-F8A888FC91C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9446D190-B201-4364-8E36-B30FE806F3D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "53F6B7D0-58A6-47CC-BB51-F3C1182573C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F94F0FE3-E49E-4A33-9B0F-BC16910CE00F", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "50C89CB6-D623-4F25-BAE4-5E76734E493F", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "F3156DDA-8A35-416A-B606-34DA03B14785", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "C911F27E-8348-45BA-ACAA-481CBD02B674", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "2D025854-0464-40DB-A483-CD98105707E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "414A8AC9-E61B-41B8-8AE8-7BA33DC0C906", "vulnerable": true}, {"criteria": "cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "62B586C3-E267-4257-9836-D13942C6F55F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en items.php en TeamPass anterior a 2.1.20 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro group, el cual no se maneja debidamente en un elemento de formulario (1) hid_cat o (2) open_folder o (3) el par\u00e1metro id, el cual no se maneja debidamente en el elemento de formulario open_id."}], "id": "CVE-2014-3774", "lastModified": "2024-11-21T02:08:48.330", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-08-07T11:13:35.267", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://teampass.net/installation/2.1.20-released.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/18/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2014/05/19/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}