Snipe-it@* Security Vulnerabilities and Issues — Snipe-it@* CVE List

Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.

9CVSS5.6AI score0.00313EPSS

CVE•added 2022/04/16 12:15 p.m.•75 views

CVE-2022-1380

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.

9.1CVSS5.6AI score0.00236EPSS

CVE•added 2022/08/25 9:15 p.m.•74 views

CVE-2022-2997

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

8CVSS6AI score0.00332EPSS

CVE•added 2022/08/29 8:15 p.m.•66 views

CVE-2022-3035

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.

5.9CVSS4.9AI score0.00243EPSS

CVE•added 2022/09/17 7:15 a.m.•63 views

CVE-2022-3173

Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.

4.3CVSS4.5AI score0.00176EPSS

CVE•added 2022/12/25 5:15 a.m.•63 views

CVE-2022-44380

Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.

5.4CVSS5.2AI score0.00115EPSS

CVE•added 2022/01/12 5:15 a.m.•62 views

CVE-2022-0179

snipe-it is vulnerable to Missing Authorization

6.3CVSS5.5AI score0.00221EPSS

CVE•added 2021/10/19 1:15 p.m.•61 views

CVE-2021-3879

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.8CVSS5.5AI score0.00502EPSS

CVE•added 2025/05/02 9:15 p.m.•60 views

CVE-2025-47226

Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.

5CVSS7.1AI score0.00304EPSS

CVE•added 2021/11/19 12:15 p.m.•54 views

CVE-2021-3961

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

8CVSS5.7AI score0.00326EPSS

CVE•added 2021/10/19 1:15 p.m.•52 views

CVE-2021-3863

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.1CVSS5.8AI score0.00238EPSS

CVE•added 2021/10/19 1:15 p.m.•50 views

CVE-2021-3858

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)

8.8CVSS6.4AI score0.00154EPSS

CVE•added 2023/10/06 8:15 p.m.•48 views

CVE-2023-5452

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.

5.5CVSS5.2AI score0.00083EPSS

Web

CVE•added 2024/10/11 1:15 p.m.•48 views

CVE-2024-48987

Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.

6.6CVSS8.1AI score0.01034EPSS

CVE•added 2021/12/14 8:15 p.m.•44 views

CVE-2021-4108

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.4CVSS6.1AI score0.00325EPSS

CVE•added 2021/12/01 10:15 a.m.•43 views

CVE-2021-4018

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.3CVSS5.5AI score0.00225EPSS

CVE•added 2021/12/18 5:15 a.m.•42 views

CVE-2021-4130

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)