A security hole in the KeePass password manager could give an attacker access to unencrypted user passwords. If exploited, the hole would enable an attacker with access to a machine running the KeePass software to inject malicious script. However, KeePass's creator calls the hole minor and unlikely to be used in an attack. The security hole is rated medium, a reflection of the need for attackers to obtain local access to the vulnerable system and to fool users into taking certain actions to import malicious content without noticing it.
Source: https://threatpost.com/researcher-warns-security-hole-keepass-password-manager-062712/76738/

