Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

teampass teampass 2.1.27.36 vulnerabilities and exploits

(subscribe to this query)
3.5
CVSSv2
CVE-2019-16904
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
Teampass Teampass 2.1.27.36
5
CVSSv2
CVE-2020-12477
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
Teampass Teampass 2.1.27.36
5
CVSSv2
CVE-2020-12478
TeamPass 2.1.27.36 allows an unauthenticated malicious user to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
Teampass Teampass 2.1.27.36
6.5
CVSSv2
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
Teampass Teampass 2.1.27.36
3.5
CVSSv2
CVE-2019-17203
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
Teampass Teampass 2.1.27.36
3.5
CVSSv2
CVE-2019-17204
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
Teampass Teampass 2.1.27.36
4.3
CVSSv2
CVE-2019-17205
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
Teampass Teampass 2.1.27.36
5.8
CVSSv2
CVE-2020-11671
Lack of authorization controls in REST API functions in TeamPass up to and including 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not ava...
Teampass Teampass
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
firewallCVE-2024-35649stored XSSCVE-2022-28654CVE-2020-35153CVE-2024-27348CVE-2022-28652local usersCVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook