Headline
CVE-2023-2591
Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
Related news
GHSA-prj5-2g2p-x2mw: teampass vulnerable to code injection
In nilsteampassnet/teampass prior to 3.0.7, if two users have the same folder access, malicious users can create an item where its label field is vulnerable to HTML injection. When other users see that item, it may force them to redirect to the attacker's website or capture their data using a form. The issue is fixed in version 3.0.7.