Vulnerabilities > Snipeitapp > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-51093 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 7.0.13
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code.
network
low complexity
snipeitapp CWE-79
8.7
8.7
2023-10-11 CVE-2023-5511 Unspecified vulnerability in Snipeitapp Snipe-It
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
network
low complexity
snipeitapp
8.8
8.8
2022-08-25 CVE-2022-2997 Unspecified vulnerability in Snipeitapp Snipe-It
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
network
low complexity
snipeitapp
8.0
8.0
2022-03-30 CVE-2022-1155 Unspecified vulnerability in Snipeitapp Snipe-It
Old sessions are not blocked by the login enable function.
network
low complexity
snipeitapp
7.4
7.4
2022-02-16 CVE-2022-0611 Unspecified vulnerability in Snipeitapp Snipe-It
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
network
low complexity
snipeitapp
8.8
8.8
2021-12-18 CVE-2021-4130 Unspecified vulnerability in Snipeitapp Snipe-It
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
snipeitapp
8.8
8.8
2021-12-06 CVE-2021-4075 Unspecified vulnerability in Snipeitapp Snipe-It
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)
network
low complexity
snipeitapp
7.2
7.2
2021-10-19 CVE-2021-3858 Cross-Site Request Forgery (CSRF) vulnerability in Snipeitapp Snipe-It
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
network
low complexity
snipeitapp CWE-352
8.8
8.8