Posted by Peter Kok on May 26

Hi Ulisses,

The XSS found is a different one. The one mentioned on
https://github.com/nilsteampassnet/TeamPass/issues/1244 has a screenshot
where the XSS is inserted when creating a new role and by preventing the
javascript filters to execute. A new role can only be created by the
admin user. This XSS is also performed by inserting the <script> tag,
this tag does not work in the new found bug.

The new found
XSS(…