CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-51093

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.2%

CVSS Severity

CVSS v3 Score 8.7

References

https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093

Products affected by CVE-2024-51093

Snipeitapp » Snipe-It » Version: 7.0.13

cpe:2.3:a:snipeitapp:snipe-it:7.0.13

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-51093

Products

Pricing

Contact Us