Syspass 3.2.1 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary JavaScript code by specifying a malicious XSS payload as a notification type or notification component.
CVSS Score: 5.4, EPSS Score: 0.001, Published: 2025-02-28
The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application's source code, exposing sensitive information such as the database password.
CVSS Score: 6.5, EPSS Score: 0.001, Published: 2025-02-28
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.
CVSS Score: 8.1, EPSS Score: 0.001, Published: 2025-02-28
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
CVSS Score: 6.1, EPSS Score: 0.001, Published: 2024-09-03
A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The patch is named 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319.
CVSS Score: 3.5, EPSS Score: 0.001, Published: 2023-03-06