CVE-2026-3106 in Teampass
Summary (English)
Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication attempts, the application does not properly clean or encode the information entered by the user in the username field. As a result, arbitrary JavaScript code is automatically executed in the administrator's browser when viewing failed login entries, resulting in a blind XSS condition.
Responsible
INCIBE
Reserved
2026-02-24
Disclosed
2026-03-31
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploitable | Countermeasure | CVE |
|---|---|---|---|---|---|
| 354340 | Teampass Login Form index.php cross-site scripting | 79 | Not defined | Official fix | CVE-2026-3106 |