CVE-2012-2234

TeamPass < 2.1.6 - Authenticated Cross-Site Scripting via Login Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2234. PoCs published by Marcos Garcia.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in TeamPass 2.1.5 by sending a crafted POST request to 'users.queries.php' with malicious input in the 'login' parameter. The lack of input sanitization allows arbitrary HTML/JavaScript execution in the context of the affected site.

Description

Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marcos Garcia · textwebappsphp

https://www.exploit-db.com/exploits/37087

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in TeamPass 2.1.5 by sending a crafted POST request to 'users.queries.php' with malicious input in the 'login' parameter. The lack of input sanitization allows arbitrary HTML/JavaScript execution in the context of the affected site.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: TeamPass 2.1.5

Auth required

Prerequisites: Access to the TeamPass application · Valid session or authentication credentials

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/81197

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.org/files/111905/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/74910

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/53038

Various Sources x_refsource_misc

https://github.com/nilsteampassnet/TeamPass/blob/master/readme.txt

Scores

EPSS 0.0361

EPSS Percentile 88.0%

Details

CWE

CWE-79

Status published

Products (6)

teampass/teampass 2.1

teampass/teampass 2.1.1

teampass/teampass 2.1.2

teampass/teampass 2.1.3

teampass/teampass 2.1.4

teampass/teampass < 2.1.5

Published Apr 22, 2012

Tracked Since Feb 18, 2026