CVE-2023-3084: 
PHP vulnerability analysis and mitigation

A stored Cross-site Scripting (XSS) vulnerability was discovered in GitHub repository nilsteampassnet/teampass versions prior to 3.0.9. The vulnerability was assigned CVE-2023-3084 and was disclosed on June 3, 2023. The vulnerability affects the TeamPass password manager application (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. This indicates that the vulnerability can be exploited remotely without requiring privileges, though user interaction is needed. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD, Huntr).

If successfully exploited, this stored XSS vulnerability could allow attackers to execute arbitrary JavaScript code in the context of other users' browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions. The CVSS score indicates high potential impact on both confidentiality and integrity (NVD).

The vulnerability has been fixed in TeamPass version 3.0.9. Users are advised to upgrade to this version or later. The fix includes improved input sanitization for folder names and other user inputs (GitHub Patch).