CVE-2012-2234 – TeamPass 2.1.5 - 'login' HTML Injection

https://notcve.org/view.php?id=CVE-2012-2234

Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en users.queries.php en ETeamPass antes de v2.1.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro 'login' (inicio de sesión). ETeamPass version 2.1.5 suffers from a persistent cross site scripting vulnerability in users.queries.php. • https://www.exploit-db.com/exploits/37087 http://osvdb.org/81197 http://packetstormsecurity.org/files/111905 http://www.securityfocus.com/bid/53038 https://exchange.xforce.ibmcloud.com/vulnerabilities/74910 https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •