Количество 3
Количество 3
CVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
CVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerabilit ...
GHSA-h4wj-v9vp-683h
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-25264 Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users. | CVSS3: 6.4 | 0% Низкий | 5 дней назад |
| CVE-2019-25264 Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerabilit ... | CVSS3: 6.4 | 0% Низкий | 5 дней назад |
| GHSA-h4wj-v9vp-683h Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users. | CVSS3: 6.4 | 0% Низкий | 5 дней назад |
Уязвимостей на страницу