Description
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Marcos Garcia · textwebappsphp
https://www.exploit-db.com/exploits/37087
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/81197
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/files/111905/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/74910
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53038
Various Sources x_refsource_misc
https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt
Scores
EPSS
0.0250
EPSS Percentile
85.4%
Details
CWE
CWE-79
Status
published
Products (6)
teampass/teampass
2.1
teampass/teampass
2.1.1
teampass/teampass
2.1.2
teampass/teampass
2.1.3
teampass/teampass
2.1.4
teampass/teampass
< 2.1.5
Published
Apr 22, 2012
Tracked Since
Feb 18, 2026