5.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-15051

GHSA ID

GHSA-r68m-4v39-cf43

EPSS Score

0.36537%

CWE

CWE-79

Published

5/17/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-15051

CVE-2017-15051: TeamPass stored cross-site scripting (XSS) vulnerability

Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. To exploit the vulnerability, the attacker must be first authenticated to the application. For the first one, the attacker has to simply inject XSS code within the URL field of a shared item. For the second one however, the attacker must prepare a payload within its profile, and then ask an administrator to modify its profile. From there, whenever the administrator accesses the log, it can be XSS'ed.

(GitHub Advisory)

5.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-15051

GHSA ID

GHSA-r68m-4v39-cf43

EPSS Score

0.36537%

CWE

CWE-79

Published

5/17/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
nilsteampassnet/teampass	composer	< 2.1.27.9	2.1.27.9

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The patch adds FILTER_SANITIZE_STRING filtering to URL/login fields in items.queries.php, indicating these were unsanitized input vectors. The vulnerability description explicitly mentions these two injection points (item URL and user log history). The commit shows historical data was rendered with htmlspecialchars_decode() without output encoding in log display logic, and the user profile -> admin log flow matches the second attack vector described.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Multipl* stor** *ross-sit* s*riptin* (XSS) vuln*r**iliti*s in T**mP*ss ***or* *.*.**.* *llow *ut**nti**t** r*mot* *tt**k*rs to inj**t *r*itr*ry w** s*ript or *TML vi* t** (*) URL v*lu* o* *n it*m or (*) us*r lo* *istory. To *xploit t** vuln*r**ility,

Reasoning

T** p*t** ***s *ILT*R_S*NITIZ*_STRIN* *ilt*rin* to URL/lo*in *i*l*s in it*ms.qu*ri*s.p*p, in*i**tin* t**s* w*r* uns*nitiz** input v**tors. T** vuln*r**ility **s*ription *xpli*itly m*ntions t**s* two inj**tion points (it*m URL *n* us*r lo* *istory). T

5.4

Basic Information

Concerned about an active attack path?

CVE-2017-15051: TeamPass stored cross-site scripting (XSS) vulnerability

5.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI