CVE-2023-3191: 
PHP vulnerability analysis and mitigation

A stored Cross-site Scripting (XSS) vulnerability was identified in GitHub repository nilsteampassnet/teampass versions prior to 3.0.9. The vulnerability was discovered and disclosed on June 10, 2023 (NVD).

The vulnerability has been assigned CVE-2023-3191 and received a CVSS v3.1 base score of 5.4 (MEDIUM) from NIST with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. However, huntr.dev assessed it with a higher CVSS score of 8.1 (HIGH) with vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

The stored XSS vulnerability could allow attackers to execute malicious scripts in the context of other users' browsers, potentially leading to unauthorized access to sensitive information, session hijacking, or other malicious actions when users view the compromised content (NVD).

The vulnerability has been fixed in TeamPass version 3.0.9. Users should upgrade to this version or later to mitigate the risk. The fix includes improved input validation and sanitization mechanisms as evidenced by the commit that addresses the XSS vulnerabilities in several text inputs (GitHub Patch).