Show filters
33 Total Results
Displaying 1-10 of 33
Sort by:
Attacker Value
Unknown
CVE-2024-51093
Disclosure Date: November 12, 2024 (last updated November 19, 2024)
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
0
Attacker Value
Unknown
CVE-2023-5511
Disclosure Date: October 11, 2023 (last updated October 13, 2023)
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
0
Attacker Value
Unknown
CVE-2023-5452
Disclosure Date: October 06, 2023 (last updated October 11, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
0
Attacker Value
Unknown
CVE-2022-44381
Disclosure Date: December 25, 2022 (last updated October 08, 2023)
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
0
Attacker Value
Unknown
CVE-2022-44380
Disclosure Date: December 25, 2022 (last updated October 08, 2023)
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
0
Attacker Value
Unknown
CVE-2022-3173
Disclosure Date: September 17, 2022 (last updated October 08, 2023)
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
0
Attacker Value
Unknown
CVE-2022-3035
Disclosure Date: August 29, 2022 (last updated October 08, 2023)
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
0
Attacker Value
Unknown
CVE-2022-2997
Disclosure Date: August 25, 2022 (last updated October 08, 2023)
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
0
Attacker Value
Unknown
CVE-2022-32061
Disclosure Date: July 07, 2022 (last updated October 07, 2023)
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
0
Attacker Value
Unknown
CVE-2022-32060
Disclosure Date: July 07, 2022 (last updated November 29, 2024)
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
0
