CVE-2017-15278
https://notcve.org/view.php?id=CVE-2017-15278
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. Se ha descubierto Cross-Site Scripting (XSS) en TeamPass en versiones anteriores a la 2.1.27.9. Esta vulnerabilidad existe por un filtrado insuficiente de datos (en /sources/folders.queries.php). • https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-9436
https://notcve.org/view.php?id=CVE-2017-9436
TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. TeamPass anterior a versión 2.1.27.4, es vulnerable a una inyección SQL en el archivo users.queries.php. • https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •