10 matches found
CVE-2022-0579
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
CVE-2022-0178
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
CVE-2022-1511
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
CVE-2022-0179
snipe-it is vulnerable to Missing Authorization
CVE-2021-3879
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3863
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
CVE-2021-4108
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4018
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10118
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.