Stored XSS on FolderName affecting other users and admin in nilsteampassnet/teampass
May 26th 2023
If two users have the same folder permission, a malicious user can rename the folder with an XSS payload, which will affect the other user and the admin.
"><img src=x onerror=alert(1)>
Proof of Concept
Malicious users could potentially exploit the vulnerability in the label field of an item to carry out an HTML injection attack, which could redirect other users to an attacker's website or capture their sensitive data through a form. This could result in a variety of negative consequences, including the theft of confidential information, financial loss, and reputational damage to the affected users or organizations. Additionally, the attack could spread further, affecting other users who interact with the compromised item or website, leading to a wider breach of security.
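The folder-name payload above closes a quoted attribute and opens a new element, so the mitigation is to encode the stored name wherever it is written into HTML. The following is an added example, not code from the report or from TeamPass: the `<li>` markup, the `folder` object and all function names are assumptions chosen to show the unencoded rendering beside the encoded one.

```javascript
// Added example: hypothetical markup and names, not TeamPass's own templates.

// Characters that are significant in HTML text and quoted-attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the stored folder name is concatenated straight into markup,
// both inside a quoted attribute and as element text.
function renderFolderUnsafe(folder) {
  return '<li data-id="' + folder.id + '" title="' + folder.name + '">' +
    folder.name + '</li>';
}

// "After": every stored value is encoded at output time, so it can neither
// close the attribute nor start a new element.
function renderFolderSafe(folder) {
  const name = escapeHtml(folder.name);
  return '<li data-id="' + escapeHtml(folder.id) + '" title="' + name + '">' +
    name + '</li>';
}

// Count element start tags in a fragment; a folder row should contain one.
function countStartTags(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

// Constructed sample record using the folder name shown in the report.
const sampleFolder = { id: 7, name: '"><img src=x onerror=alert(1)>' };

function demo() {
  return {
    unsafeTags: countStartTags(renderFolderUnsafe(sampleFolder)), // li + 2 img
    safeTags: countStartTags(renderFolderSafe(sampleFolder)),     // li only
    safeHtml: renderFolderSafe(sampleFolder),
  };
}

console.log(demo());
```

Encoding at output time protects every viewer of the shared folder, including names that were stored before the fix was deployed.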