CVE-2019-16904: Cross-site Scripting

September 26, 2019 (updated September 27, 2019)

TeamPass allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. (The crafted password is exploitable when viewing the change history of the item or tapping on the item.)

References

nvd.nist.gov/vuln/detail/CVE-2019-16904

Detect and mitigate CVE-2019-16904 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →