Published: 01 Dec 2025
Source: github
Github: Reviewed
CVSS4: 5.2
CVSS3: 5.4
Description
Snipe-IT is vulnerable to stored cross-site scripting
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Packages
Name: snipe/snipe-it (composer)
Affected versions: < 8.3.4
Fixed version: 8.3.4
EPSS: 0.00036 (percentile: 10%, Low)
CVSS4: 5.2 Medium
CVSS3: 5.4 Medium
CVE ID
Weaknesses
CWE-269
CWE-79
Related vulnerabilities
CVSS3: 5.4
nvd
2 months ago
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
CVSS3: 5.4
debian
2 months ago
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged aut ...