Teampass: >> Teampass >> 2.1.22 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-04-12
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-04-12
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-04-12
Page 4