CVE-2015-7562: TeamPass vulnerable to Cross-site Scripting

May 17, 2022 (updated April 22, 2025)

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.

References

github.com/advisories/GHSA-48q3-m4hf-56c9
github.com/nilsteampassnet/TeamPass
github.com/nilsteampassnet/TeamPass/pull/1140
nvd.nist.gov/vuln/detail/CVE-2015-7562
www.exploit-db.com/exploits/39559

Code Behaviors & Features

Detect and mitigate CVE-2015-7562 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →