Vulmon
teampass teampass 2.1.27.36 vulnerabilities and exploits
3.5
CVSSv2
CVE-2019-16904
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)
Teampass Teampass 2.1.27.36
5
CVSSv2
CVE-2020-12477
The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.
Teampass Teampass 2.1.27.36
5
CVSSv2
CVE-2020-12478
TeamPass 2.1.27.36 allows an unauthenticated malicious user to retrieve files from the TeamPass web root. This may include backups or LDAP debug files.
Teampass Teampass 2.1.27.36
6.5
CVSSv2
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.
Teampass Teampass 2.1.27.36
3.5
CVSSv2
CVE-2019-17203
TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder.
Teampass Teampass 2.1.27.36
3.5
CVSSv2
CVE-2019-17204
TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item.
Teampass Teampass 2.1.27.36
4.3
CVSSv2
CVE-2019-17205
TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
Teampass Teampass 2.1.27.36
5.8
CVSSv2
CVE-2020-11671
Lack of authorization controls in REST API functions in TeamPass up to and including 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not ava...
Teampass Teampass