Vulnerabilities > Snipeitapp > Snipe IT > 6.0.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-14 | CVE-2024-5685 | Unspecified vulnerability in Snipeitapp Snipe-It Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1. | 8.1 |
| 2023-10-11 | CVE-2023-5511 | Unspecified vulnerability in Snipeitapp Snipe-It Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | 8.8 |
| 2023-10-06 | CVE-2023-5452 | Unspecified vulnerability in Snipeitapp Snipe-It Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 5.4 |
| 2022-12-25 | CVE-2022-44380 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. | 5.4 |
| 2022-12-25 | CVE-2022-44381 | Information Exposure Through Discrepancy vulnerability in Snipeitapp Snipe-It Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. | 5.3 |