CVE-2019-17204: TeamPass Stored Cross-site Scripting
CVSS Score: 5.4 (CVSS version 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.4152%
CWE
Published: 5/24/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
nilsteampassnet/teampass | composer | <= 2.1.27.36 | |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability information describes a stored XSS in the Knowledge Base label handling, but no specific code snippets, commit diffs, or implementation details are available. While the root cause is clearly missing input sanitization/output encoding when processing user-supplied KB labels, the exact PHP functions responsible for (1) storing KB labels in the database or (2) rendering them in HTML templates cannot be identified with high confidence without access to the actual TeamPass codebase structure from version 2.1.27.36. The advisory and issue thread don't provide enough implementation-level details to pinpoint specific functions.