Snipeitapp: >> Snipe-It Security Vulnerabilities
Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through v6.4.1.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-06-14
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-10-11
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-10-06
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-12-25
Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-12-25
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-09-17
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-08-29
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
CVSS Score
4.6
EPSS Score
0.003
Published
2022-08-25
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
CVSS Score
4.8
EPSS Score
0.049
Published
2022-07-07
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
CVSS Score
4.8
EPSS Score
0.004
Published
2022-07-07