Vulnerabilities > Snipeitapp > Snipe IT > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-06 | CVE-2023-5452 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 5.4 |
| 2022-07-07 | CVE-2022-32060 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It 6.0.2 An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | 4.8 |
| 2022-05-02 | CVE-2022-23064 | Injection vulnerability in Snipeitapp Snipe-It In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. | 6.8 |
| 2022-04-28 | CVE-2022-1511 | Missing Authorization vulnerability in Snipeitapp Snipe-It Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. | 6.5 |
| 2022-03-30 | CVE-2022-1155 | Unspecified vulnerability in Snipeitapp Snipe-It Old sessions are not blocked by the login enable function. | 6.5 |
| 2022-02-17 | CVE-2022-0622 | Information Exposure Through an Error Message vulnerability in Snipeitapp Snipe-It Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. | 5.0 |
| 2022-02-14 | CVE-2022-0579 | Missing Authorization vulnerability in Snipeitapp Snipe-It Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. | 6.5 |
| 2022-02-14 | CVE-2022-0569 | Information Exposure Through Discrepancy vulnerability in Snipeitapp Snipe-It Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. | 4.3 |
| 2022-01-13 | CVE-2022-0178 | Missing Authorization vulnerability in Snipeitapp Snipe-It Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8. | 5.4 |
| 2022-01-12 | CVE-2022-0179 | Missing Authorization vulnerability in Snipeitapp Snipe-It snipe-it is vulnerable to Missing Authorization | 5.4 |