Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0yZmZwLXc2NjUtOW1neM4AAzGt
Cross Site Scripting in nilsteampassnet/teampass
nilsteampassnet/teampass prior to version 3.0.7 is vulnerable to cross site scripting (XSS) from item names within a folder.
Permalink: https://github.com/advisories/GHSA-2ffp-w665-9mgxJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yZmZwLXc2NjUtOW1neM4AAzGt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 months ago
Updated: 5 months ago
CVSS Score: 5.4
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Identifiers: GHSA-2ffp-w665-9mgx, CVE-2023-2516
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-2516
- https://github.com/nilsteampassnet/teampass/commit/39b774cba118ca5383b0a51a71b1e7dea2761927
- https://huntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716
- https://github.com/advisories/GHSA-2ffp-w665-9mgx
Blast Radius: 3.3
Affected Packages
packagist:nilsteampassnet/teampass
Dependent packages: 0Dependent repositories: 4
Downloads: 21 total
Affected Version Ranges: < 3.0.7
Fixed in: 3.0.7
All affected versions: 2.1.21, 2.1.26, 2.1.27, 3.0.0
All unaffected versions: 3.0.10, 3.1.0, 3.1.1