Vulnerabilities > Snipeitapp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-12 | CVE-2024-51093 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It 7.0.13 Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. | 8.7 |
2023-10-11 | CVE-2023-5511 | Unspecified vulnerability in Snipeitapp Snipe-It Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | 8.8 |
2023-10-06 | CVE-2023-5452 | Unspecified vulnerability in Snipeitapp Snipe-It Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 5.4 |
2022-12-25 | CVE-2022-44380 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. | 5.4 |
2022-12-25 | CVE-2022-44381 | Information Exposure Through Discrepancy vulnerability in Snipeitapp Snipe-It Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. | 5.3 |
2022-09-17 | CVE-2022-3173 | Unspecified vulnerability in Snipeitapp Snipe-It Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | 4.3 |
2022-08-29 | CVE-2022-3035 | Unspecified vulnerability in Snipeitapp Snipe-It Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. | 4.8 |
2022-08-25 | CVE-2022-2997 | Unspecified vulnerability in Snipeitapp Snipe-It Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. | 8.0 |
2022-07-07 | CVE-2022-32060 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2 An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | 4.8 |
2022-07-07 | CVE-2022-32061 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2 An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | 4.8 |