← Back to CVEs
CVE-2019-16904
MEDIUM5.4
Description
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
CVE Details
CVSS v3.1 Score5.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
Published9/26/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
teampass:teampass
Weaknesses (CWE)
CWE-79
References
https://github.com/nilsteampassnet/TeamPass/issues/2685(cve@mitre.org)
https://github.com/nilsteampassnet/TeamPass/issues/2685(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.