CVE-2023-2591

MEDIUM

TeamPass < 3.0.7 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-2591. PoCs published by mnqazi.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2023-2591, a stored HTML injection vulnerability in Teampass 3.0.6. The vulnerability allows malicious users to inject HTML into item labels, potentially redirecting users or capturing data.

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

Exploits (1)

nomisec WRITEUP
by mnqazi · poc
https://github.com/mnqazi/CVE-2023-2591

Classification
Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Teampass 3.0.6
Auth required
Prerequisites: Access to Teampass with shared folder permissions
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 5.4
EPSS 0.0059
EPSS Percentile 69.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-79
Status published
Products (2)
nilsteampassnet/teampass 0 - 3.0.7 (Packagist)
teampass/teampass < 3.0.7
Published May 09, 2023
Tracked Since Feb 18, 2026