Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Snipe\-It
(Snipeitapp)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-09-17 | CVE-2022-3173 | Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | Snipe\-It | 4.3 | ||
| 2022-12-25 | CVE-2022-44380 | Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. | Snipe\-It | 5.4 | ||
| 2022-12-25 | CVE-2022-44381 | Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. | Snipe\-It | 5.3 | ||
| 2023-10-06 | CVE-2023-5452 | Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | Snipe\-It | 5.4 | ||
| 2023-10-11 | CVE-2023-5511 | Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | Snipe\-It | 8.8 | ||
| 2024-11-12 | CVE-2024-51093 | Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system. | Snipe\-It | 8.7 | ||
| 2019-03-27 | CVE-2019-10118 | Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. | Snipe\-It | 6.1 |