Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-51093

Опубликовано: 12 нояб. 2024
Источник: debian

Описание

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
snipe-ititppackage

Связанные уязвимости

nvd логотип

CVE-2024-51093

CVSS3: 8.7
nvd
около 1 года назад

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.

github логотип

GHSA-hw9x-8m75-4vjq

CVSS3: 8.7
github
около 1 года назад

Cross Site Scripting vulnerability in Snipe-IT