Snipe It
Monthly
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
Snipe-IT before 8.1.18 allows unsafe deserialization. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Snipe-IT before 8.1.18 allows XSS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.
Snipe-IT before 8.1.18 allows unsafe deserialization. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
Snipe-IT before 8.1.18 allows XSS. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.