XSS in Teampass

CVE-2026-3107

Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and encode…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.3th percentile) — read the EPSS interpretation.