CVE-2025-26091 Information

Description

A Cross Site Scripting (XSS) vulnerability exists in TeamPasswordManager v12.162.284 and before that could allow a remote attacker to execute arbitrary JavaScript in the web browser of a user by including a malicious payload into the ’name’ parameter when creating a new password in the \My Passwords\ page.

Reference

https://brunocaseiro.github.io/CVE-2025-26091/