CVE-2023-3190: 
PHP vulnerability analysis and mitigation

CVE-2023-3190 is a vulnerability identified in GitHub repository nilsteampassnet/teampass versions prior to 3.0.9. The vulnerability is classified as an Improper Encoding or Escaping of Output issue. It was discovered and disclosed on June 10, 2023, affecting the TeamPass password manager application (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.6 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N. A separate assessment by huntr.dev rated it with a CVSS 3.0 Base Score of 3.5 (LOW). The vulnerability is categorized under CWE-116 (Improper Encoding or Escaping of Output) (NVD).

The vulnerability could potentially lead to security issues related to improper output encoding or escaping in the TeamPass application. The CVSS scoring indicates that successful exploitation could result in low-level impacts to both confidentiality and integrity, while availability is not affected (NVD).

The vulnerability has been fixed in TeamPass version 3.0.9. Users are advised to upgrade to this version or later to mitigate the vulnerability. The fix was implemented through a commit that addresses XSS vulnerabilities in several text inputs (GitHub Patch).