Miggo Logo

CVE-2019-17205: TeamPass Stored Cross-site Scripting

6.1

CVSS Score
3.1

Basic Information

EPSS Score
0.61577%
Published
5/24/2022
Updated
4/24/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
nilsteampassnet/teampasscomposer<= 2.1.27.36

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from unsanitized user input in username fields being stored and displayed in admin logs. The commit diff shows the fix added htmlspecialchars(stripslashes()) around $record['field_1'] in datatable.logs.php, confirming the missing output encoding was the vulnerability point. The affected code constructs CSV log entries that get rendered as HTML tables, making this the precise XSS injection vector.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T**mP*ss *.*.**.** *llows Stor** XSS *y pl**in* * p*ylo** in t** us*rn*m* *i*l* *urin* * lo*in *tt*mpt. W**n *n **ministr*tor looks *t t** lo* o* **il** lo*ins, t** XSS p*ylo** will ** *x**ut**.

Reasoning

T** vuln*r**ility st*ms *rom uns*nitiz** us*r input in us*rn*m* *i*l*s **in* stor** *n* *ispl*y** in **min lo*s. T** *ommit *i** s*ows t** *ix ***** `*tmlsp**i*l***rs(stripsl*s**s())` *roun* $r**or*['*i*l*_*'] in `**t*t**l*.lo*s.p*p`, *on*irmin* t**