Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrAsura-n3D45CFCA-3A72-4578-B735-98837B998A12
HistoryApr 11, 2022 - 3:24 p.m.

Stored Cross Site Scripting vulnerability in Item name parameter

2022-04-1115:24:04
asura-n
www.huntr.dev
12
stored cross site scripting
item name parameter
assest module
alert triggered

EPSS

0.001

Percentile

21.4%

JSON

Description

Stored cross site scripting vulnerability on Item name parameter in Assest module. Add payload in item name and whenever the user add the item in his requested assest . The alert will trigger.

Proof of Concept

  1. Login to the demo account

  2. Go to Asset functionality , add or edit an item name with following payload and save

  3. payload = "><img src>

  4. Go to requested assets , check the item name (payload ), that you added or edit an asset which are already in requested asset

  5. If it is there, alert will be triggered

Related

cve 1
nvd 1
cnvd 1
osv 2
veracode 1
redhatcve 1
prion 1
cvelist 1
github 1
cve
cve
CVE-2022-1380
2022-04-16 12:15:09
nvd
nvd
CVE-2022-1380
2022-04-16 12:15:09
cnvd
cnvd
snipe-it cross-site scripting vulnerability (CNVD-2022-36053)
2022-04-19 00:00:00
osv
osv
Cross-site Scripting in snipe-it
2022-04-17 00:00:32
CVE-2022-1380
2022-04-16 12:15:09
veracode
veracode
Cross-site Scripting (XSS)
2022-04-19 08:55:29
redhatcve
redhatcve
CVE-2022-1380
2022-05-20 22:33:46
prion
prion
Cross site scripting
2022-04-16 12:15:00
cvelist
cvelist
CVE-2022-1380 Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
2022-04-16 11:30:20
github
github
Cross-site Scripting in snipe-it
2022-04-17 00:00:32

EPSS

0.001

Percentile

21.4%

JSON
Related for 3D45CFCA-3A72-4578-B735-98837B998A12
cve1nvd1cnvd1osv2veracode1redhatcve1prion1cvelist1github1