ID

VAR-201704-0016


CVE

CVE-2015-7562


TITLE

TeamPass Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-007515

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. TeamPass is a password manager dedicated to Apache, MySQL and PHP. A cross-site scripting vulnerability exists in TeamPass 2.1.24 and earlier.

Trust: 2.16

sources: NVD: CVE-2015-7562 // JVNDB: JVNDB-2015-007515 // CNVD: CNVD-2017-06209

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-06209

AFFECTED PRODUCTS

vendor: teampass, model: teampass, scope: lte, version: 2.1.24

Trust: 1.8

vendor: teampass, model: teampass, scope: lte, version: <=2.1.24

Trust: 0.6

vendor: teampass, model: teampass, scope: eq, version: 2.1.24

Trust: 0.6

sources: CNVD: CNVD-2017-06209 // JVNDB: JVNDB-2015-007515 // CNNVD: CNNVD-201704-616 // NVD: CVE-2015-7562

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-7562
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7562
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-06209
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201704-616
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2015-7562
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-06209
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2015-7562
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-06209 // JVNDB: JVNDB-2015-007515 // CNNVD: CNNVD-201704-616 // NVD: CVE-2015-7562

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2015-007515 // NVD: CVE-2015-7562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-616

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201704-616

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007515

PATCH

title: Security fix for Multiple vulnerabilities #1140, url: https://github.com/nilsteampassnet/TeamPass/pull/1140

Trust: 0.8

title: Patch for TeamPass Cross-Site Scripting Vulnerability (CNVD-2017-06209), url: https://www.cnvd.org.cn/patchInfo/show/93405

Trust: 0.6

title: TeamPass Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69232

Trust: 0.6

sources: CNVD: CNVD-2017-06209 // JVNDB: JVNDB-2015-007515 // CNNVD: CNNVD-201704-616

EXTERNAL IDS

db: NVD, id: CVE-2015-7562

Trust: 3.0

db: EXPLOIT-DB, id: 39559

Trust: 2.2

db: JVNDB, id: JVNDB-2015-007515

Trust: 0.8

db: EXPLOITDB, id: 39559

Trust: 0.6

db: CNVD, id: CNVD-2017-06209

Trust: 0.6

db: CNNVD, id: CNNVD-201704-616

Trust: 0.6

sources: CNVD: CNVD-2017-06209 // JVNDB: JVNDB-2015-007515 // CNNVD: CNNVD-201704-616 // NVD: CVE-2015-7562

REFERENCES

url:https://www.exploit-db.com/exploits/39559/

Trust: 2.2

url:https://github.com/nilsteampassnet/teampass/pull/1140

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7562

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7562

Trust: 0.8

sources: CNVD: CNVD-2017-06209 // JVNDB: JVNDB-2015-007515 // CNNVD: CNNVD-201704-616 // NVD: CVE-2015-7562

SOURCES

db: CNVD, id: CNVD-2017-06209
db: JVNDB, id: JVNDB-2015-007515
db: CNNVD, id: CNNVD-201704-616
db: NVD, id: CVE-2015-7562

LAST UPDATE DATE

2024-11-23T21:41:31.710000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-06209, date: 2017-05-10T00:00:00
db: JVNDB, id: JVNDB-2015-007515, date: 2017-05-18T00:00:00
db: CNNVD, id: CNNVD-201704-616, date: 2017-04-20T00:00:00
db: NVD, id: CVE-2015-7562, date: 2024-11-21T02:36:59.387

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-06209, date: 2017-05-10T00:00:00
db: JVNDB, id: JVNDB-2015-007515, date: 2017-05-18T00:00:00
db: CNNVD, id: CNNVD-201704-616, date: 2017-04-20T00:00:00
db: NVD, id: CVE-2015-7562, date: 2017-04-12T22:59:00.163