Filtered by vendor Teampass Subscriptions

Search

Switch to Advanced Search (Beta)
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11671 1 Teampass 1 Teampass 2024-11-21 8.1 High
Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.
CVE-2019-17205 1 Teampass 1 Teampass 2024-11-21 6.1 Medium
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
CVE-2019-17204 1 Teampass 1 Teampass 2024-11-21 5.4 Medium
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
CVE-2019-17203 1 Teampass 1 Teampass 2024-11-21 5.4 Medium
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
CVE-2019-16904 1 Teampass 1 Teampass 2024-11-21 5.4 Medium
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
CVE-2019-12950 1 Teampass 1 Teampass 2024-11-21 N/A
An issue was discovered in TeamPass 2.1.27.35. From the sources/items.queries.php "Import items" feature, it is possible to load a crafted CSV file with an XSS payload.
CVE-2019-1000001 1 Teampass 1 Teampass 2024-11-21 N/A
TeamPass version 2.1.27 and earlier contains a Storing Passwords in a Recoverable Format vulnerability in Shared password vaults that can result in all shared passwords are recoverable server side. This attack appears to be exploitable via any vulnerability that can bypass authentication or role assignment and can lead to shared password leakage.