27 matches found
CVE-2022-0579
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
CVE-2022-0569
Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
CVE-2022-0611
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
CVE-2022-0178
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
CVE-2023-5511
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
CVE-2022-1511
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
CVE-2022-1155
Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
CVE-2022-1445
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
CVE-2022-1380
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
CVE-2022-2997
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-3035
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
CVE-2022-3173
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-44380
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
CVE-2022-0179
snipe-it is vulnerable to Missing Authorization
CVE-2021-3879
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-47226
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
CVE-2021-3961
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3863
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3858
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2023-5452
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
CVE-2021-4108
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4018
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4130
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2019-10118
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
CVE-2025-59713
Snipe-IT before 8.1.18 allows unsafe deserialization.
CVE-2025-59712
Snipe-IT before 8.1.18 allows XSS.