Syspass: >> Syspass >> 3.2.5 Security Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows a malicious user with elevated privileges to execute arbitrary Javascript code by specifying a malicious XSS payload as a notification type or notification component.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-02-28
The account file upload functionality in Syspass 3.2.x fails to properly handle special characters in filenames. This mismanagement leads to the disclosure of the web application s source code, exposing sensitive information such as the database password.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-02-28
A host header injection vulnerability in SysPass 3.2x allows an attacker to load malicious JS files from an arbitrary domain which would be executed in the victim's browser.
CVSS Score
8.1
EPSS Score
0.001
Published
2025-02-28
A cross-site scripting (XSS) vulnerability in SysPass 3.2.x allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter at /Controllers/ClientController.php.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-03