CVE-2015-7562

Опубликовано: 12 апр. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

Ссылки

https://github.com/nilsteampassnet/TeamPass/pull/1140
Patch
https://www.exploit-db.com/exploits/39559/
Exploit
Patch
Third Party Advisory
https://github.com/nilsteampassnet/TeamPass/pull/1140
Patch
https://www.exploit-db.com/exploits/39559/
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:*

Версия до 2.1.24 (включая)

EPSS

Процентиль: 76%

0.00952

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2015-7562

CVSS3: 6.1

debian

почти 9 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 ...

GHSA-48q3-m4hf-56c9

CVSS3: 6.1

github

больше 3 лет назад

TeamPass vulnerable to Cross-site Scripting

EPSS

Процентиль: 76%

0.00952

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79