Описание
Stored cross-site scripting in Snipe-IT
Snipe-IT prior to version 5.4.3 is vulnerable to stored cross-site scripting because the input to the checked_out_to parameter is not escaped. The vulnerability is capable of stealing a user's cookie.
Пакеты
Наименование
snipe/snipe-it
composer
Затронутые версииВерсия исправления
< 5.4.3
5.4.3
Связанные уязвимости
CVSS3: 5.4
nvd
почти 4 года назад
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
CVSS3: 5.4
debian
почти 4 года назад
Stored Cross Site Scripting vulnerability in the checked_out_to parame ...