CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2021 – Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-2021
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. • https://github.com/nilsteampassnet/teampass/commit/77c541a0151841d1f4ceb0a84ca391e1b526d58d https://huntr.dev/bounties/2e31082d-7aeb-46ff-84d6-9561758e3bf0 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1545 – SQL Injection in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-1545
SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. • https://github.com/nilsteampassnet/teampass/commit/4780252fdb600ef2ec2758f17a37d738570cbe66 https://huntr.dev/bounties/942c015f-7486-49b1-94ae-b1538d812bc2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1463 – Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-1463
Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. • https://github.com/nilsteampassnet/teampass/commit/4e06fbaf2b78c3615d0599855a72ba7e31157516 https://huntr.dev/bounties/f6683c3b-a0f2-4615-b639-1920c8ae12e6 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1070 – External Control of File Name or Path in nilsteampassnet/teampass
https://notcve.org/view.php?id=CVE-2023-1070
External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. • https://github.com/nilsteampassnet/teampass/commit/0af3574caba27a61b16dc25c94fa51ae12d2d967 https://huntr.dev/bounties/318bfdc4-7782-4979-956f-9ba2cc44889c • CWE-73: External Control of File Name or Path •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-26980
https://notcve.org/view.php?id=CVE-2022-26980
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO. Teampass versión 2.1.26, permite un ataque de tipo XSS reflejado por medio del PATH_INFO en el archivo index.php • https://gist.github.com/RNPG/6919286e0daebce7634d0a744e060dca https://github.com/nilsteampassnet/TeamPass/commits/teampass_2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •