CVE-2023-2516

Description

nilsteampassnet/teampass prior to version 3.0.7 is vulnerable to cross site scripting (XSS) from item names within a folder.

How to fix CVE-2023-2516

To remediate CVE-2023-2516, upgrade the affected package to a fixed version below.

• Packagist/nilsteampassnet/teampass—upgrade to 3.0.7 or later

Is CVE-2023-2516 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3.0.7

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2023-2516
• PATCHgithub.com/nilsteampassnet/teampass
• WEBgithub.com/nilsteampassnet/teampass/commit/39b774cba118ca5383b0a51a71b1e7dea2761927
• WEBhuntr.dev/bounties/19470f0b-7094-4339-8d4a-4b5570b54716