Vulnerabilities > Snipeitapp

DATE CVE VULNERABILITY TITLE RISK
2023-10-11 CVE-2023-5511 Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
network
low complexity
snipeitapp CWE-352
8.8
2023-10-06 CVE-2023-5452 Cross-site Scripting vulnerability in Snipeitapp Snipe-It
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
network
low complexity
snipeitapp CWE-79
5.4
2022-07-07 CVE-2022-32060 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
snipeitapp CWE-79
4.8
2022-07-07 CVE-2022-32061 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
network
snipeitapp CWE-79
3.5
2022-05-02 CVE-2022-23064 Injection vulnerability in Snipeitapp Snipe-It
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection.
network
snipeitapp CWE-74
6.8
2022-04-28 CVE-2022-1511 Missing Authorization vulnerability in Snipeitapp Snipe-It
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
network
low complexity
snipeitapp CWE-862
6.5
2022-04-24 CVE-2022-1445 Cross-site Scripting vulnerability in Snipeitapp Snipe-It
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3.
network
snipeitapp CWE-79
3.5
2022-04-16 CVE-2022-1380 Cross-site Scripting vulnerability in Snipeitapp Snipe-It
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3.
network
snipeitapp CWE-79
3.5
2022-03-30 CVE-2022-1155 Unspecified vulnerability in Snipeitapp Snipe-It
Old sessions are not blocked by the login enable function.
network
low complexity
snipeitapp
6.5
2022-02-17 CVE-2022-0622 Information Exposure Through an Error Message vulnerability in Snipeitapp Snipe-It
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
network
low complexity
snipeitapp CWE-209
5.0