Lucene search
+L

727 matches found

Cvelist
Cvelist
added 2021/12/01 10:0 a.m.19 views

CVE-2021-4018 Cross-site Scripting (XSS) - Stored in snipe/snipe-it

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

6.3CVSS5.7AI score0.00635EPSS
Exploits1References2
CVE
CVE
added 2021/12/01 10:0 a.m.57 views

CVE-2021-4018

CVE-2021-4018 is a stored Cross-site Scripting (XSS) vulnerability affecting snipe-it. Public sources describe an XSS flaw in the web page generation path, with the vulnerability located in checkout/notes handling (notably via AccessoriesTransformer.php/transformCheckedoutAccessory) that allows i...

6.3CVSS5.5AI score0.00635EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/12/01 12:0 a.m.3 views

Snipe-IT 跨站脚本漏洞

Snipe-IT is an open source IT asset/license management system . Snipe-IT has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks...

6.3CVSS5.9AI score0.00635EPSS
Exploits1References4
CNVD
CNVD
added 2021/11/24 12:0 a.m.21 views

Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-19842)

Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the product's web generation page not validating the input data, which could be exploited by an attacker to cause client-side code execution...

8CVSS2.8AI score0.00731EPSS
Exploits1References1
OSV
OSV
added 2021/11/23 6:17 p.m.40 views

GHSA-C65V-P733-9796 Cross-site Scripting in snipe/snipe-it

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8CVSS5.3AI score0.00731EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/11/23 6:17 p.m.42 views

Cross-site Scripting in snipe/snipe-it

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8CVSS5.6AI score0.00731EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2021/11/22 12:58 p.m.18 views

Cross-site Scripting (XSS)

snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in API response in transformAsset function of AssetsTransformer.php is not properly encoded which allows an attacker to inject and execute arbitrary Javascript...

5.4CVSS3AI score0.00731EPSS
Exploits1References4Affected Software1
Huntr
Huntr
added 2021/11/21 6:42 a.m.20 views

Cross-site Scripting (XSS) - Stored in snipe/snipe-it

Description Cross site scripting vulnerability in checkout page in notes field Proof of Concept 1.Login to the demo page. 2. Go to accessories , select any product and add payload in the checkout notes 3. click save and open the product xss will trigger payload = " Impact This vulnerability is...

3.5CVSS1AI score0.00635EPSS
Exploits1References1
OSV
OSV
added 2021/11/19 12:15 p.m.10 views

CVE-2021-3961

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

5.4CVSS5.5AI score
Exploits0References2
NVD
NVD
added 2021/11/19 12:15 p.m.25 views

CVE-2021-3961

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8CVSS0.00731EPSS
Exploits1References2
Prion
Prion
added 2021/11/19 12:15 p.m.19 views

Cross site scripting

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

3.5CVSS5.4AI score0.00731EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/11/19 11:55 a.m.31 views

CVE-2021-3961 Cross-site Scripting (XSS) - Stored in snipe/snipe-it

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

8CVSS5.7AI score0.00731EPSS
Exploits1References2
CVE
CVE
added 2021/11/19 11:55 a.m.68 views

CVE-2021-3961

CVE-2021-3961 refers to a cross-site scripting (XSS) vulnerability in the snipe-it project (Snipe-IT). The issue arises from improper neutralization/validation of input during web page generation, allowing crafted data to be reflected in client-side context. Multiple connected sources (including ...

8CVSS5.7AI score0.00731EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2021/11/19 12:0 a.m.6 views

Snipe-it 跨站脚本漏洞

Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the product's web generation page not validating the input data, which could be exploited by an attacker to cause client-side code execution...

8CVSS5.5AI score0.00731EPSS
Exploits1References4
CNVD
CNVD
added 2021/11/16 12:0 a.m.26 views

Snipe-IT Cross-site Request Forgery Vulnerability

Snipe-IT is an open source IT asset/license management system. Snipe-IT is vulnerable to cross-site request forgery, which stems from a lack of csrf checksum for POST requests in the software's view.blade.php file, and can be exploited by attackers to launch cross-site request forgery attacks...

4.3CVSS4.7AI score0.00429EPSS
Exploits1References1
CNVD
CNVD
added 2021/11/16 12:0 a.m.25 views

Snipe-IT Cross-Site Scripting Vulnerability

Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the lack of filtering and escaping of user-submitted data in AssetsController, for which no detailed vulnerability details are currently available...

5.4CVSS1.6AI score0.00521EPSS
Exploits1References1
OSV
OSV
added 2021/11/15 11:19 p.m.33 views

GHSA-2CQG-Q7JM-J35C snipe-it is vulnerable to Cross-site Scripting

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

3.9CVSS5.3AI score0.00521EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/11/15 11:19 p.m.27 views

snipe-it is vulnerable to Cross-site Scripting

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...

5.4CVSS5.6AI score0.00521EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/11/15 11:19 p.m.26 views

GHSA-533P-CP2G-99WP snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

snipe-it is vulnerable to Cross-Site Request Forgery CSRF...

4.3CVSS4.5AI score0.00429EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2021/11/15 11:19 p.m.23 views

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

snipe-it is vulnerable to Cross-Site Request Forgery CSRF...

4.3CVSS5.1AI score0.00429EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder