3 matches found
CVE-2019-10118
Snipe-IT before 4.6.14 has XSS, as demonstrated by logmeta values and the user's last name in the API...
CVE-2019-10118
Snipe-IT before 4.6.14 has XSS, as demonstrated by logmeta values and the user's last name in the API...
CVE-2019-10118
CVE-2019-10118 relates to Snipe-IT, where versions before 4.6.14 are vulnerable to cross-site scripting (XSS) via log_meta values and the user’s last name in the API. The issue is a client-side input handling flaw that permits injection of arbitrary JavaScript/HTML when data is displayed in a use...