snipe/snipe-it is vulnerable to cross-site scripting. The vulnerability exists in views/dashboard.blade.php
and login.blade.php
because the user inputs are not properly escaped which allows a remote attacker to inject and execute malicious code into the system.
CPE | Name | Operator | Version |
---|---|---|---|
snipe/snipe-it | le | v6.0.10 | |
snipe/snipe-it | le | v6.0.10 |