U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 35 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-3565

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Published: July 10, 2023; 12:15:56 PM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-3553

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Published: July 08, 2023; 5:15:43 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-3552

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Published: July 08, 2023; 5:15:43 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-3551

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Published: July 08, 2023; 5:15:42 AM -0400 		V4.0:(not available)
 V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2023-3531

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.10.

Published: July 06, 2023; 4:15:09 PM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-3191

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: June 10, 2023; 5:15:09 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-3190

Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: June 10, 2023; 5:15:09 AM -0400 		V4.0:(not available)
 V3.1: 4.6 MEDIUM
V2.0:(not available)
CVE-2023-3095

Improper Access Control in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: June 04, 2023; 7:15:09 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-3086

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: June 03, 2023; 8:15:09 AM -0400 		V4.0:(not available)
 V3.1: 9.0 CRITICAL
V2.0:(not available)
CVE-2023-3084

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: June 03, 2023; 7:15:20 AM -0400 		V4.0:(not available)
 V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2023-3083

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: June 03, 2023; 4:15:08 AM -0400 		V4.0:(not available)
 V3.1: 8.7 HIGH
V2.0:(not available)
CVE-2023-3009

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: May 31, 2023; 9:15:10 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2859

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Published: May 24, 2023; 4:15:09 AM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-2591

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

Published: May 09, 2023; 6:15:10 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2516

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.

Published: May 05, 2023; 3:15:15 PM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-2021

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.

Published: April 13, 2023; 8:15:08 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-1545

SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

Published: March 21, 2023; 7:15:10 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-1463

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

Published: March 17, 2023; 8:15:11 AM -0400 		V4.0:(not available)
 V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-1070

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22.

Published: February 27, 2023; 11:15:12 AM -0500 		V4.0:(not available)
 V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2020-11671

Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default.

Published: May 04, 2020; 10:15:13 AM -0400 		V4.0:(not available)
 V3.1: 8.1 HIGH
V2.0: 5.8 MEDIUM