snipe/snipe-it is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the transformCheckedoutAccessory
function in AccessoriesTransformer.php
as it does not properly escape the user inputs checkout notes.