Teampass
cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*
- < 3.1.5.16
A blind cross-site scripting vulnerability has been identified in Teampass versions prior to 3.1.5.16. The issue arises in the password manager's login functionality, specifically within the 'contraseña' parameter of the login form 'redacted/index.php'. During unsuccessful authentication attempts, the application fails to adequately sanitize or encode the username input. This oversight allows arbitrary JavaScript to be executed in the administrator's browser when reviewing failed login attempts, creating a blind XSS condition.
Successful exploitation lets an attacker execute JavaScript in the context of the administrator's browser, potentially leading to session hijacking or other malicious actions.
Users can upgrade to Teampass version 3.1.5.24 to address this vulnerability.
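The following is an added example, not Teampass code and not part of the original advisory. It sketches the missing control described above (encoding every field when the failed-login view is rendered) together with a check of exported failed-login records for markup in the login field. The record field names and the sample entries are constructed assumptions.

```python
import html
import re

# Constructed sample records (not real Teampass data): an export of
# failed-login log entries. Field names are assumptions for this example.
SAMPLE_FAILED_LOGINS = [
    {"date": "2024-05-01 09:12:44", "ip": "192.0.2.10", "login": "alice"},
    {"date": "2024-05-01 09:13:02", "ip": "192.0.2.77",
     "login": '"><script>/* constructed sample */</script>'},
    {"date": "2024-05-01 09:15:30", "ip": "192.0.2.77",
     "login": "bob<img src=x onerror=1>"},
    {"date": "2024-05-01 09:20:11", "ip": "198.51.100.4",
     "login": "o'brien@example.org"},
]

# A login name has no reason to contain tag delimiters, inline event-handler
# attributes or script URLs, so any of these marks the entry for review.
SUSPICIOUS = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def is_suspicious(login: str) -> bool:
    """True if the attempted login name carries HTML or script markup."""
    return bool(SUSPICIOUS.search(login))


def audit(records):
    """Return the records whose login field should be reviewed and purged."""
    return [r for r in records if is_suspicious(r["login"])]


def render_row(record) -> str:
    """Render one log entry for an admin view, encoding every field on output."""
    cells = (html.escape(str(record[k]), quote=True)
             for k in ("date", "ip", "login"))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


if __name__ == "__main__":
    for rec in audit(SAMPLE_FAILED_LOGINS):
        print("review:", rec["date"], rec["ip"], repr(rec["login"]))
    for rec in SAMPLE_FAILED_LOGINS:
        print(render_row(rec))
```

The detection pattern is a triage aid only; encoding on output in `render_row` is the control that keeps stored values inert regardless of what the pattern misses.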