Lucene search
Veracode Vulnerability DatabaseVERACODE:33051HistoryNov 22, 2021 - 12:58 p.m.
Cross-site Scripting (XSS)
2021-11-2212:58:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
snipe-it
cross-site scripting
api response
transformasset function
assetstransformer.php
improper encoding
arbitrary javascript
EPSS
0.001
Percentile
21.4%
snipe-it is vulnerable to cross-site scripting attacks. The vulnerability exists because the custom field values in API response in transformAsset function of AssetsTransformer.php is not properly encoded which allows an attacker to inject and execute arbitrary Javascript.
Related
cnvd
cnvd
Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-19842)
2021-11-24 00:00:00
nvd
nvd
CVE-2021-3961
2021-11-19 12:15:09
osv
osv
CVE-2021-3961
2021-11-19 12:15:00
Cross-site Scripting in snipe/snipe-it
2021-11-23 18:17:33
github
github
Cross-site Scripting in snipe/snipe-it
2021-11-23 18:17:33
cve
cve
CVE-2021-3961
2021-11-19 12:15:09
cvelist
cvelist
CVE-2021-3961 Cross-site Scripting (XSS) - Stored in snipe/snipe-it
2021-11-19 11:55:10
prion
prion
Cross site scripting
2021-11-19 12:15:00
huntr
huntr
Cross-site Scripting (XSS) - Stored in snipe/snipe-it
2021-11-11 08:08:14