Stored XSS Vulnerability in TeamPass 2.1.27.36 via Crafted Passwords

Stored XSS Vulnerability in TeamPass 2.1.27.36 via Crafted Passwords

CVE-2019-16904 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)

Learn more about our Web Application Penetration Testing UK.