CVE-2015-7562

MEDIUM6.1EPSS 0.78%

TeamPass vulnerable to Cross-site Scripting

發布日:2022/5/17修改日:2025/4/22

描述

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

受影響套件(1)

Packagist/nilsteampassnet/teampassfrom 0, < 2.1.25

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-7562
PATCHhttps://github.com/nilsteampassnet/TeamPass
WEBhttps://github.com/nilsteampassnet/TeamPass/pull/1140
WEBhttps://www.exploit-db.com/exploits/39559