34 Total Results
Displaying 1-10 of 34
Attacker Value
Unknown

CVE-2024-51093

Disclosure Date: November 12, 2024 (last updated November 19, 2024)
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
Attacker Value
Unknown

CVE-2024-5685

Disclosure Date: June 14, 2024 (last updated June 14, 2024)
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.
Attacker Value
Unknown

CVE-2023-5511

Disclosure Date: October 11, 2023 (last updated October 13, 2023)
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
Attacker Value
Unknown

CVE-2023-5452

Disclosure Date: October 06, 2023 (last updated October 11, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
Attacker Value
Unknown

CVE-2022-44381

Disclosure Date: December 25, 2022 (last updated October 08, 2023)
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
Attacker Value
Unknown

CVE-2022-44380

Disclosure Date: December 25, 2022 (last updated October 08, 2023)
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
Attacker Value
Unknown

CVE-2022-3173

Disclosure Date: September 17, 2022 (last updated October 08, 2023)
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
Attacker Value
Unknown

CVE-2022-3035

Disclosure Date: August 29, 2022 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
Attacker Value
Unknown

CVE-2022-2997

Disclosure Date: August 25, 2022 (last updated October 08, 2023)
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
Attacker Value
Unknown

CVE-2022-32061

Disclosure Date: July 07, 2022 (last updated October 07, 2023)
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.