Vulnerabilities > Snipeitapp

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-51093 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 7.0.13
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code.
network
low complexity
snipeitapp CWE-79
8.7
2023-10-11 CVE-2023-5511 Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
network
low complexity
snipeitapp CWE-352
8.8
2023-10-06 CVE-2023-5452 Cross-site Scripting vulnerability in Snipeitapp Snipe-It
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
network
low complexity
snipeitapp CWE-79
5.4
2022-12-25 CVE-2022-44380 Cross-site Scripting vulnerability in Snipeitapp Snipe-It
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
network
low complexity
snipeitapp CWE-79
5.4
2022-12-25 CVE-2022-44381 Information Exposure Through Discrepancy vulnerability in Snipeitapp Snipe-It
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
network
low complexity
snipeitapp CWE-203
5.3
2022-09-17 CVE-2022-3173 Improper Authentication vulnerability in Snipeitapp Snipe-It
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
network
low complexity
snipeitapp CWE-287
4.3
2022-08-29 CVE-2022-3035 Cross-site Scripting vulnerability in Snipeitapp Snipe-It
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
network
low complexity
snipeitapp CWE-79
4.8
2022-08-25 CVE-2022-2997 Session Fixation vulnerability in Snipeitapp Snipe-It
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
network
low complexity
snipeitapp CWE-384
8.0
2022-07-07 CVE-2022-32060 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
snipeitapp CWE-79
4.8
2022-07-07 CVE-2022-32061 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
snipeitapp CWE-79
4.8