CVE-2015-7562

MEDIUM

TeamPass < 2.1.24 - Cross-Site Scripting via Item Label or Role Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7562. PoCs published by Vincent Malguy.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities (XSS, CSRF, SQLi) in TeamPass 2.1.24, including proof-of-concept examples, affected parameters, and references to vendor fixes. It provides specific payloads and commit references for remediation.

Description

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Vincent Malguy · text · webapps · php
https://www.exploit-db.com/exploits/39559

Classification: Writeup 95%
Attack Type: XSS | CSRF | SQLi
Complexity: Moderate
Reliability: Reliable
Target: TeamPass 2.1.24 and prior
Auth required
Prerequisites: Access to a vulnerable TeamPass instance · Authenticated user session for CSRF/XSS · Ability to craft malicious input for SQLi
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Patch, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39559/

Scores

CVSS v3 6.1
EPSS 0.0078
EPSS Percentile 74.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status published
Products (2)
nilsteampassnet/teampass 0 - 2.1.25 (Packagist)
teampass/teampass < 2.1.24
Published Apr 12, 2017
Tracked Since Feb 18, 2026