CVE-2023-2516

MEDIUM

TeamPass < 3.0.7 - Stored Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-2516. PoCs published by mnqazi.

AI-analyzed exploit summary The repository describes a stored XSS vulnerability (CVE-2023-2516) in Teampass 3.0.6, where an attacker can inject malicious code into shared folder items. The README provides a detailed explanation of the vulnerability, a PoC video link, and mitigation steps.

Description

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

Exploits (1)

nomisec WRITEUP

by mnqazi · poc

https://github.com/mnqazi/CVE-2023-2516

View Code ZIP pw:eip

The repository describes a stored XSS vulnerability (CVE-2023-2516) in Teampass 3.0.6, where an attacker can inject malicious code into shared folder items. The README provides a detailed explanation of the vulnerability, a PoC video link, and mitigation steps.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Teampass 3.0.6

Auth required

Prerequisites: Access to a shared folder in Teampass · Permission to create/edit items in the folder

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://github.com/nilsteampassnet/teampass/commit/39b774cba118ca5383b0a51a71b1e7dea2761927

View Patch ZIP pw:eip

Exploit, Third Party Advisory

https://huntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716

Scores

CVSS v3 5.4

EPSS 0.0063

EPSS Percentile 70.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (2)

nilsteampassnet/teampass 0 - 3.0.7Packagist

teampass/teampass < 3.0.7

Published May 05, 2023

Tracked Since Feb 18, 2026