Stored XSS in many configuration fields in nilsteampassnet/teampass
Jun 4th 2023
Paste the XSS payload into the configuration fields. I think there are many configuration fields that can be vulnerable to stored XSS, such as the configuration fields in Options, MFA, API, Emails, ... I hope you check them too.
Proof of Concept
Tran Van Nhan from bl4ckh0l3 of GalaxyOne
This can potentially lead to a range of serious consequences, such as theft of sensitive data, unauthorized access to systems, and the ability to carry out further attacks.