{"id":"CVE-2017-15278","details":"Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtering of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.","aliases":["GHSA-28pv-2j2h-fmhc"],"modified":"2026-04-10T03:57:26.405906Z","published":"2017-10-12T08:29:00.353Z","references":[{"type":"ADVISORY","url":"https://github.com/nilsteampassnet/TeamPass/releases/tag/2.1.27.9"},{"type":"ADVISORY","url":"https://github.com/nilsteampassnet/TeamPass/blob/master/changelog.md"},{"type":"FIX","url":"https://github.com/nilsteampassnet/TeamPass/commit/f5a765381f051fe624386866ddb1f6b5e7eb929b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nilsteampassnet/teampass","events":[{"introduced":"0"},{"last_affected":"c0b8b0f3a50135ceae69c4fe50496225cd41c143"},{"fixed":"f5a765381f051fe624386866ddb1f6b5e7eb929b"},{"fixed":"f7828f2e1666b8b0b2962b55d088409771378a9c"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.1.27.8"}]}}],"versions":["2.1.20","2.1.25.0","2.1.25.1","2.1.25.2","2.1.26","2.1.26-final","2.1.26-final-2","2.1.26-final-3","2.1.26.0","2.1.26.1","2.1.26.10","2.1.26.11","2.1.26.12","2.1.26.13","2.1.26.14","2.1.26.15","2.1.26.16","2.1.26.17","2.1.26.2","2.1.26.3","2.1.26.4","2.1.26.5","2.1.26.6","2.1.26.7","2.1.26.8","2.1.26.9","2.1.27.0","2.1.27.1","2.1.27.2","2.1.27.3","2.1.27.4","2.1.27.5","2.1.27.6","2.1.27.7","2.1.27.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15278.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}