EPSS
Percentile
47.7%
snipe/snipe-it is vulnerable to cross-site request forgery. The vulnerability exists in the getRequestAsset in the ViewAssetsController.php, allowing an attacker to disrupt request tracking by sending the malicious HTML.
getRequestAsset
ViewAssetsController.php
github.com/snipe/snipe-it/commit/9b2dd6522f214a3fbee6a4e32699104d0ea2b6ae
huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e
huntr.dev/bounties/ccf073cd-7f54-4d51-89f2-6b4a2e4ae81e/