exploitDog

GHSA-prj5-2g2p-x2mw

Published: 09 May 2023
Source: github
Github: Reviewed
CVSS3: 7.1

Description

teampass vulnerable to code injection

In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. The issue is fixed in version 3.0.7.

Packages

Name: nilsteampassnet/teampass (composer)
Affected versions: < 3.0.7
Fixed version: 3.0.7

EPSS

Percentile: 55%
0.00322
Low

7.1 High

CVSS3

Weaknesses

CWE-79
CWE-94

Related vulnerabilities

CVSS3: 5.4
nvd
more than 2 years ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

CVSS3: 5.4
debian
more than 2 years ago

Improper Neutralization of Input During Web Page Generation ('Cross-si ...
