CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS
Percentile
20.8%
snipe/snipe-it is vulnerable to Cross Site Scripting (XSS). The vulnerability is caused by not sanitizing/escaping asset history values while displaying the values on the browser on the view asset page. An attacker can inject malicious JavaScript while editing assets in the location field leading to stored XSS when the same asset is viewed by another user on the browser.