Teampass: >> Teampass >> 2.1 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
CVSS Score
6.1
EPSS Score
0.007
Published
2017-04-12
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
CVSS Score
8.8
EPSS Score
0.001
Published
2017-04-12
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
CVSS Score
9.8
EPSS Score
0.016
Published
2017-04-12
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2014-08-07
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2014-08-07
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/.
CVSS Score
7.5
EPSS Score
0.004
Published
2014-08-07
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-08-07
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
CVSS Score
4.3
EPSS Score
0.051
Published
2012-04-22
Page 4