727 matches found
CVE-2021-4018 Cross-site Scripting (XSS) - Stored in snipe/snipe-it
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-4018
CVE-2021-4018 is a stored Cross-site Scripting (XSS) vulnerability affecting snipe-it. Public sources describe an XSS flaw in the web page generation path, with the vulnerability located in checkout/notes handling (notably via AccessoriesTransformer.php/transformCheckedoutAccessory) that allows i...
Snipe-IT 跨站脚本漏洞
Snipe-IT is an open source IT asset/license management system . Snipe-IT has a cross-site scripting vulnerability that can be exploited by attackers to perform cross-site scripting attacks...
Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-19842)
Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the product's web generation page not validating the input data, which could be exploited by an attacker to cause client-side code execution...
GHSA-C65V-P733-9796 Cross-site Scripting in snipe/snipe-it
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross-site Scripting in snipe/snipe-it
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross-site Scripting (XSS)
snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in API response in transformAsset function of AssetsTransformer.php is not properly encoded which allows an attacker to inject and execute arbitrary Javascript...
Cross-site Scripting (XSS) - Stored in snipe/snipe-it
Description Cross site scripting vulnerability in checkout page in notes field Proof of Concept 1.Login to the demo page. 2. Go to accessories , select any product and add payload in the checkout notes 3. click save and open the product xss will trigger payload = " Impact This vulnerability is...
CVE-2021-3961
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3961
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
Cross site scripting
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3961 Cross-site Scripting (XSS) - Stored in snipe/snipe-it
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
CVE-2021-3961
CVE-2021-3961 refers to a cross-site scripting (XSS) vulnerability in the snipe-it project (Snipe-IT). The issue arises from improper neutralization/validation of input during web page generation, allowing crafted data to be reflected in client-side context. Multiple connected sources (including ...
Snipe-it 跨站脚本漏洞
Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the product's web generation page not validating the input data, which could be exploited by an attacker to cause client-side code execution...
Snipe-IT Cross-site Request Forgery Vulnerability
Snipe-IT is an open source IT asset/license management system. Snipe-IT is vulnerable to cross-site request forgery, which stems from a lack of csrf checksum for POST requests in the software's view.blade.php file, and can be exploited by attackers to launch cross-site request forgery attacks...
Snipe-IT Cross-Site Scripting Vulnerability
Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the lack of filtering and escaping of user-submitted data in AssetsController, for which no detailed vulnerability details are currently available...
GHSA-2CQG-Q7JM-J35C snipe-it is vulnerable to Cross-site Scripting
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
snipe-it is vulnerable to Cross-site Scripting
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'...
GHSA-533P-CP2G-99WP snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
snipe-it is vulnerable to Cross-Site Request Forgery CSRF...
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
snipe-it is vulnerable to Cross-Site Request Forgery CSRF...