Igor Terlevic

2 exploits Active since Dec 2025
CVE-2025-65621 WRITEUP MEDIUM WRITEUP
Snipe-IT < 8.3.4 - Authenticated Stored Cross-Site Scripting and Privilege Escalation
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
CVSS 5.4
CVE-2025-65622 WRITEUP MEDIUM WRITEUP
Snipe-IT < 8.3.4 - Authenticated Stored Cross-Site Scripting via Locations Country Field
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
CVSS 5.4