Stored HTML injection in folderName affecting Admin in nilsteampassnet/teampass

Valid

Reported on

May 7th 2023


Description

Here FolderName field is vulnerable to HTML injection, a malicious user could potentially rename a folder with a payload containing malicious code. This could result in an attack on the admin who edits the folder, as the payload could execute upon the admin's interaction with the folder. This attack could potentially allow the attacker to gain unauthorized access to the admin's system or steal sensitive information, or it can force admin to get redirected on attacker website.

Proof of Concept

https://drive.google.com/file/d/1RZjHRZiTPcdIU4qR1cmwL3Tv2f9qVar9/view?usp=sharing

Impact

Malicious users could potentially exploit the vulnerability in the label field of an item to carry out an HTML injection attack, which could redirect other users to an attacker's website or capture their sensitive data through a form. This could result in a variety of negative consequences, including the theft of confidential information, financial loss, and reputational damage to the affected users or organizations. Additionally, the attack could spread further, affecting other users who interact with the compromised item or website, leading to a wider breach of security.

We are processing your report and will contact the nilsteampassnet/teampass team within 24 hours. 7 months ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 7 months ago
We have contacted a member of the nilsteampassnet/teampass team and are waiting to hear back 7 months ago
M Nadeem Qazi modified the report
7 months ago
M Nadeem Qazi
6 months ago

Researcher


@maintainer Any update?

Nils Laumaillé validated this vulnerability 6 months ago
M Nadeem Qazi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Nils Laumaillé marked this as fixed in 3.0.9 with commit 1f5148 6 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
Nils Laumaillé published this vulnerability 6 months ago
M Nadeem Qazi
6 months ago

Researcher


Thanks

to join this conversation