Stored XSS on item name - Bypass of (CVE-2023-2516) in nilsteampassnet/teampass


Reported on

May 26th 2023


first create two user accounts and grant them permission to access a same folder. In one of the accounts, generate a new item within the folder. Paste the payload XSS into this field, then save the item. Once saved, click on the item to activate an XSS alert. This is the bypass of CVE-2023-2516

Proof of Concept


The impact of this vulnerability is that it enables an attacker to inject malicious code into a shared folder, which can then be executed by other users who have access to the folder. This can potentially lead to a range of serious consequences, such as theft of sensitive data, unauthorized access to systems, and the ability to carry out further attacks.

For instance, an attacker may use this vulnerability to steal user credentials, compromise the confidentiality of sensitive data, or even take control of a victim's account or device. They could also use the vulnerability to propagate malware or ransomware throughout the network. Additionally, if the shared folder is used for collaboration between multiple parties, the vulnerability could allow an attacker to disrupt the work of the entire group, causing loss of productivity and potential financial losses.

We are processing your report and will contact the nilsteampassnet/teampass team within 24 hours. 4 months ago
We have contacted a member of the nilsteampassnet/teampass team and are waiting to hear back 4 months ago
Nils Laumaillé validated this vulnerability 4 months ago

@mnqazi Thank you for this report. But please stop posting a reference in the Github project. I will not fix quicker than I can and I'm reading post when receiving by email.

M Nadeem Qazi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Nils Laumaillé marked this as fixed in 3.0.9 with commit 6ba8cf 4 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Nils Laumaillé published this vulnerability 4 months ago
Nils Laumaillé gave praise 4 months ago
Thank you
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
M Nadeem Qazi
4 months ago


Ok, I will not post again on github. Thanks for the CVE.

M Nadeem Qazi
4 months ago


Due to this patch, Save button while editing item is not working in Firefox

M Nadeem Qazi
4 months ago


Sorry, my bad. it is working fine.

to join this conversation