Stored XSS on user's name in nilsteampassnet/teampass


Reported on

Jun 2nd 2023


Paste the payload XSS into the Name or Last name field. XSS vulnerability will trigger.

Proof of Concept


This can potentially lead to a range of serious consequences, such as theft of sensitive data, unauthorized access to systems, and the ability to carry out further attacks.

We are processing your report and will contact the nilsteampassnet/teampass team within 24 hours. 4 months ago
Tran Van Nhan modified the report
4 months ago
Nils Laumaillé validated this vulnerability 4 months ago
Tran Van Nhan has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Nils Laumaillé marked this as fixed in 3.0.9 with commit 797315 4 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Nils Laumaillé published this vulnerability 4 months ago
Nils Laumaillé gave praise 4 months ago
Thank you
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
to join this conversation