Shodan
Vulnerabilities
Vulnerable Software
Snipeitapp:  >> Snipe-It  Security Vulnerabilities
CVE-2025-47226
Grokability Snipe-IT before 8.1.0 has incorrect authorization for accessing asset information.
CVSS Score
5.0
EPSS Score
0.004
Published
2025-05-02
CVE-2024-51093
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
CVSS Score
8.7
EPSS Score
0.0
Published
2024-11-12
CVE-2024-51094
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
CVSS Score
8.0
EPSS Score
0.001
Published
2024-11-12
CVE-2024-48987
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.
CVSS Score
6.6
EPSS Score
0.01
Published
2024-10-11
CVE-2024-5685
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
CVSS Score
7.6
EPSS Score
0.001
Published
2024-06-14
CVE-2023-5511
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-10-11
CVE-2023-5452
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-06
CVE-2022-44381
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-25
CVE-2022-44380
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-25
CVE-2022-3173
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-09-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved