snipe/snipe-it is vulnerable to cross-site scripting. The library does not properly escape asset_tag
in the bulk checkout, allowing attackers to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
snipe/snipe-it | le | v5.3.1 | |
snipe/snipe-it | le | v5.3.1 |