CVE-2015-7562
MEDIUMTeamPass <2.1.24 - XSS
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Vincent Malguy · textwebappsphp
https://www.exploit-db.com/exploits/39559
Scores
CVSS v3
6.1
EPSS
0.0095
EPSS Percentile
76.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
nilsteampassnet/teampass
0 - 2.1.25Packagist
teampass/teampass
< 2.1.24
Published
Apr 12, 2017
Tracked Since
Feb 18, 2026