Описание
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:snipeitapp:snipe-it:7.0.13:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00226
Низкий
8.7 High
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 8.7
debian
около 1 года назад
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 ...
EPSS
Процентиль: 45%
0.00226
Низкий
8.7 High
CVSS3
Дефекты
CWE-79
CWE-79