Snipeitapp: >> Snipe-It >> 8.2.1 Security Vulnerabilities
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-01
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-12-01
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
CVSS Score
9.9
EPSS Score
0.004
Published
2025-11-05