Vulnerabilities > Snipeitapp > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-10-06 CVE-2023-5452 Cross-site Scripting vulnerability in Snipeitapp Snipe-It
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
network
low complexity
snipeitapp CWE-79
5.4
2022-07-07 CVE-2022-32060 Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
snipeitapp CWE-79
4.8
2022-05-02 CVE-2022-23064 Injection vulnerability in Snipeitapp Snipe-It
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection.
network
snipeitapp CWE-74
6.8
2022-04-28 CVE-2022-1511 Missing Authorization vulnerability in Snipeitapp Snipe-It
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
network
low complexity
snipeitapp CWE-862
6.5
2022-03-30 CVE-2022-1155 Unspecified vulnerability in Snipeitapp Snipe-It
Old sessions are not blocked by the login enable function.
network
low complexity
snipeitapp
6.5
2022-02-17 CVE-2022-0622 Information Exposure Through an Error Message vulnerability in Snipeitapp Snipe-It
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
network
low complexity
snipeitapp CWE-209
5.0
2022-02-14 CVE-2022-0579 Missing Authorization vulnerability in Snipeitapp Snipe-It
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
network
low complexity
snipeitapp CWE-862
6.5
2022-02-14 CVE-2022-0569 Information Exposure Through Discrepancy vulnerability in Snipeitapp Snipe-It
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
network
low complexity
snipeitapp CWE-203
4.3
2022-01-13 CVE-2022-0178 Missing Authorization vulnerability in Snipeitapp Snipe-It
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
network
low complexity
snipeitapp CWE-862
5.4
2022-01-12 CVE-2022-0179 Missing Authorization vulnerability in Snipeitapp Snipe-It
snipe-it is vulnerable to Missing Authorization
network
low complexity
snipeitapp CWE-862
5.4