Headline
CVE-2023-3552: 3.0.10 · nilsteampassnet/TeamPass@8acb4da
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
@@ -397,22 +397,26 @@ function simplePurifier(
bSvgFilters = false
)
{
return DOMPurify.sanitize(
sanitizeDom(text)
.replaceAll('<’, ‘<’)
.replaceAll('<’, ‘<’)
.replaceAll('<’, ‘<’)
.replaceAll('>’, ‘>’)
.replaceAll('>’, ‘>’)
.replaceAll('>’, ‘>’)
.replaceAll('&’, ‘&’)
.replaceAll('&’, ‘&’)
.replaceAll('&’, ‘&’)
.replaceAll('"’, ‘"’)
.replaceAll('";’, ‘"’)
.replaceAll('"’, ‘"’)
.replaceAll('’’, “’”),
{USE_PROFILES: {html:bHtml, svg:bSvg, svgFilters: bSvgFilters}}
return sanitizeDom(
DOMPurify.sanitize(
text
.replaceAll('<’, ‘<’)
.replaceAll('<’, ‘<’)
.replaceAll('<’, ‘<’)
.replaceAll('<’, ‘<’)
.replaceAll('>’, ‘>’)
.replaceAll('>’, ‘>’)
.replaceAll('>’, ‘>’)
.replaceAll('>’, ‘>’)
.replaceAll('&’, ‘&’)
.replaceAll('&’, ‘&’)
.replaceAll('&’, ‘&’)
.replaceAll('"’, ‘"’)
.replaceAll('";’, ‘"’)
.replaceAll('"’, ‘"’)
.replaceAll('’’, “’”),
{USE_PROFILES: {html:bHtml, svg:bSvg, svgFilters: bSvgFilters}}
)
);
}
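Review bot: In the new `return sanitizeDom(DOMPurify.sanitize(...))` form, `sanitizeDom` is the last transformation applied, so callers no longer receive DOMPurify's output untouched; its body is not shown in this hunk, and if it decodes entities or rebuilds markup it can undo the sanitisation. A comment above the return would state the invariant, e.g. `// order matters: decode entities -> DOMPurify -> sanitizeDom; sanitizeDom must never decode entities or add markup`. The `replaceAll` chain decodes only a fixed list of entity spellings in a single pass (the literals are garbled in this rendering), so other spellings or doubly encoded input probably pass through still encoded. That is safe only while nothing downstream decodes the result again before inserting it as HTML. A regression test for the folder-name case named in the advisory would pin this ordering; `simplePurifier`'s signature begins above the hunk.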
Related news
TeamPass prior to 3.0.10 is vulnerable to cross-site scripting filter bypass in folder names. This can lead to information disclosure.