Stored XSS in many configuration fields in nilsteampassnet/teampass


Reported on

Jun 4th 2023


Paste the XSS payload into the configuration fields. And I think there are many fields to configure that can be vulnerable to Stored XSS vulnerabilities, such as configuration fields in Options, MFA, API, Emails,... hope you check it too.

Proof of Concept


Tran Van Nhan from bl4ckh0l3 of GalaxyOne


This can potentially lead to a range of serious consequences, such as theft of sensitive data, unauthorized access to systems, and the ability to carry out further attacks.

We are processing your report and will contact the nilsteampassnet/teampass team within 24 hours. 4 months ago
Tran Van Nhan modified the report
4 months ago
Tran Van Nhan modified the report
4 months ago
Tran Van Nhan modified the report
4 months ago
We have contacted a member of the nilsteampassnet/teampass team and are waiting to hear back 4 months ago
Nils Laumaillé validated this vulnerability 3 months ago
Tran Van Nhan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Nils Laumaillé marked this as fixed in 3.0.9 with commit 241dbd 3 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Nils Laumaillé published this vulnerability 3 months ago
Nils Laumaillé gave praise 3 months ago
Thank you
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
to join this conversation