Описание
Cross Site Scripting vulnerability in Snipe-IT
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files.
Пакеты
Наименование
snipe/snipe-it
composer
Затронутые версииВерсия исправления
<= 7.0.13
Отсутствует
Связанные уязвимости
CVSS3: 8.7
nvd
около 1 года назад
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
CVSS3: 8.7
debian
около 1 года назад
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 ...