snipe

19 exploits Active since Oct 2021
CVE-2025-63743 WRITEUP MEDIUM WRITEUP
Snipe-IT 8.3.0-8.3.1 - XSS
A Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system, v8.3.0 up to and including v8.3.1, allows an authenticated attacker with the lowest privileges, sufficient only to log in, to inject arbitrary JavaScript code via the "Name" and "Surname" fields. The JavaScript code is executed whenever the "Activity Report" or the modified profile is viewed directly by any user with sufficient permissions. Successful exploitation of this issue requires that the profile's "Display Name" is not set. The vulnerability is fixed in v8.3.2.
CVSS 5.4
CVE-2021-3858 WRITEUP HIGH WRITEUP
snipe-it - CSRF
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS 8.8
CVE-2021-3863 WRITEUP MEDIUM WRITEUP
snipe-it - XSS
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 6.1
CVE-2021-3879 WRITEUP MEDIUM WRITEUP
snipe-it - XSS
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2021-3931 WRITEUP MEDIUM WRITEUP
Snipeitapp Snipe-it < 5.3.1 - CSRF
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS 4.3
CVE-2021-3961 WRITEUP MEDIUM WRITEUP
Snipeitapp Snipe-it < 5.3.2 - XSS
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 5.4
CVE-2021-4108 WRITEUP MEDIUM WRITEUP
Snipeitapp Snipe-it < 5.3.5 - XSS
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS 6.1
CVE-2021-4130 WRITEUP HIGH WRITEUP
Snipeitapp Snipe-it < 5.3.6 - CSRF
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS 8.8
CVE-2022-0569 WRITEUP MEDIUM WRITEUP
Packagist snipe/snipe-it <5.3.9 - Info Disclosure
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
CVSS 5.3
CVE-2022-0579 WRITEUP MEDIUM WRITEUP
Packagist snipe/snipe-it <5.3.9 - Info Disclosure
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
CVSS 6.5
CVE-2022-0611 WRITEUP MEDIUM WRITEUP
Packagist snipe/snipe-it <5.3.11 - Info Disclosure
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
CVSS 6.3
CVE-2022-0622 WRITEUP MEDIUM WRITEUP
Packagist snipe/snipe-it <5.3.11 - Info Disclosure
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
CVSS 5.3
CVE-2022-1155 WRITEUP HIGH WRITEUP
GitHub snipe-it <5.3.10 - Info Disclosure
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
CVSS 7.4
CVE-2022-2997 WRITEUP HIGH WRITEUP
GitHub snipe/snipe-it <6.0.10 - Info Disclosure
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
CVSS 8.0
CVE-2022-3035 WRITEUP MEDIUM WRITEUP
GitHub repository snipe/snipe-it <6.0.11 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
CVSS 4.8
CVE-2022-3173 WRITEUP MEDIUM WRITEUP
Snipeitapp Snipe-it < 6.0.10 - Authentication Bypass
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVSS 4.3
CVE-2023-5452 WRITEUP MEDIUM WRITEUP
Snipeitapp Snipe-it < 6.2.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
CVSS 5.4
CVE-2023-5511 WRITEUP HIGH WRITEUP
Snipeitapp Snipe-it < 6.2.3 - CSRF
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v6.2.3.
CVSS 8.8
CVE-2024-5685 WRITEUP HIGH WRITEUP
snipe-it <6.4.1 - Privilege Escalation
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through v6.4.1.
CVSS 7.6