Vulnerability Description
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teampass | Teampass | <= 2.1.27.8 |
Related Weaknesses (CWE)
References
- https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.mdRelease NotesThird Party Advisory
- https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1fPatchThird Party Advisory
- https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9Release NotesThird Party Advisory
- https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.mdRelease NotesThird Party Advisory
- https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1fPatchThird Party Advisory
- https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9Release NotesThird Party Advisory
FAQ
What is CVE-2017-15278?
CVE-2017-15278 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbi...
How severe is CVE-2017-15278?
CVE-2017-15278 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-15278?
Check the references section above for vendor advisories and patch information. Affected products include: Teampass Teampass.