snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in API response in transformAsset
function of AssetsTransformer.php
is not properly encoded which allows an attacker to inject and execute arbitrary Javascript.