CVE-2023-3191 HIGH

CVE-2023-3191: Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass

Vendor Nilsteampassnet
Product nilsteampassnet/teampass
Weakness CWE-79 · XSS
Published June 10, 2023
Last update January 6, 2025
View on NVD All CVEs

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.

Key dates

02Disclosure timeline

June 10, 2023 CVE published
January 6, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-3877 Reflected Cross-Site Scripting in Dashboard Search CVE-2025-68513 WordPress Bold Timeline Lite plugin <= 1.2.7 - Cross Site Scripting (XSS) vulnerability CVE-2026-25489 Craft Commerce has Stored XSS in Tax Zones (Name & Description) Leading to Potential Privilege Escalation CVE-2025-32533 WordPress Deliver via Shipos for WooCommerce Plugin <= 2.1.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-46254 WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability