Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teampass | Teampass | <= 2.1.20 |
Related Weaknesses (CWE)
References
- http://teampass.net/installation/2.1.20-released.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2014/05/18/2
- http://www.openwall.com/lists/oss-security/2014/05/19/5
- https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0bExploitPatch
- https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92ExploitPatch
- http://teampass.net/installation/2.1.20-released.htmlVendor Advisory
- http://www.openwall.com/lists/oss-security/2014/05/18/2
- http://www.openwall.com/lists/oss-security/2014/05/19/5
- https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0bExploitPatch
- https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92ExploitPatch
FAQ
What is CVE-2014-3774?
CVE-2014-3774 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly ...
How severe is CVE-2014-3774?
CVE-2014-3774 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3774?
Check the references section above for vendor advisories and patch information. Affected products include: Teampass Teampass.