2 matches found
CVE-2022-1380 Stored Cross Site Scripting vulnerability in Item name parameter in snipe/snipe-it
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie...
CVE-2022-1380
CVE-2022-1380 is a Stored Cross-Site Scripting vulnerability in the snipe-it project’s Item name parameter, affecting all versions prior to 5.4.3. The root cause is unsanitized item name input that can execute injected scripts and potentially steal user cookies, enabling session hijacking. Public...