CVE-2015-7562 – nilsteampassnet/teampass

Package

Manager: composer
Name: nilsteampassnet/teampass
Vulnerable Version: >=0 <2.1.25

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00794 pctl0.73074

Details

TeamPass vulnerable to Cross-site Scripting Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

Metadata

Created: 2022-05-17T02:49:21Z
Modified: 2025-04-22T17:33:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-48q3-m4hf-56c9/GHSA-48q3-m4hf-56c9.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-48q3-m4hf-56c9
Finding: F425
Auto approve: 1