CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50701
https://notcve.org/view.php?id=CVE-2024-50701
30 Dec 2024 — TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin. • https://github.com/nilsteampassnet/TeamPass/commit/ddbb2d3d94085dced50c4936fd2215af88e4a88d • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50702
https://notcve.org/view.php?id=CVE-2024-50702
30 Dec 2024 — TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager. • https://github.com/nilsteampassnet/TeamPass/commit/35e2b479f2379545b4132bc30a9d052ba7018bf9 • CWE-266: Incorrect Privilege Assignment •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-50703
https://notcve.org/view.php?id=CVE-2024-50703
30 Dec 2024 — TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. • https://github.com/nilsteampassnet/TeamPass/commit/c7f7f809071eaa9e04505ee79cec7049a42959e9 • CWE-472: External Control of Assumed-Immutable Web Parameter •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3565 – Cross-site Scripting (XSS) - Generic in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3565
08 Jul 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. • https://github.com/nilsteampassnet/teampass/commit/820bb49a362a566c9038e4a3048b26d654babb0e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3553 – Exposure of Sensitive Information to an Unauthorized Actor in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3553
08 Jul 2023 — Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10. • https://github.com/nilsteampassnet/teampass/commit/e9f90b746fdde135da3c7fbe4fa22fe2bd32e66b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3552 – Improper Encoding or Escaping of Output in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3552
08 Jul 2023 — Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10. • https://github.com/nilsteampassnet/teampass/commit/8acb4dacc2d008a4186a4e13cc143e978f113955 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3551 – Code Injection in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3551
08 Jul 2023 — Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10. • https://github.com/nilsteampassnet/teampass/commit/cc6abc76aa46ed4a27736c1d2f21e432a5d54e6f • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3531 – Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3531
06 Jul 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10. • https://github.com/nilsteampassnet/teampass/commit/cb8ea5ccca61653895bb6881547e463baa50293d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3190 – Improper Encoding or Escaping of Output in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3190
10 Jun 2023 — Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9. • https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3191 – Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-3191
10 Jun 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. • https://github.com/nilsteampassnet/teampass/commit/241dbd4159a5d63b55af426464d30dbb53925705 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •