Snipeitapp

snipeitapp

49 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Snipe It

snipe-it

49 CVEs

CVEs (49)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-44380 1Snipeitapp 1Snipe It Apr 15, 2025 Dec 25, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
CVE-2022-3173 1Snipeitapp 1Snipe It Nov 21, 2024 Sep 17, 2022 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-3035 1Snipeitapp 1Snipe It Nov 21, 2024 Aug 29, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
CVE-2022-2997 1Snipeitapp 1Snipe It Nov 21, 2024 Aug 25, 2022 N/A· v4 8.0 HIGH· v3 N/A· v2 Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-32061 1Snipeitapp 1Snipe It Nov 21, 2024 Jul 7, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-32060 1Snipeitapp 1Snipe It Nov 21, 2024 Jul 7, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.
CVE-2022-23064 1Snipeitapp 1Snipe It Nov 21, 2024 May 2, 2022 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which onc...Show more In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over.Show less
CVE-2022-1511 1Snipeitapp 1Snipe It Nov 21, 2024 Apr 28, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
CVE-2022-1445 1Snipeitapp 1Snipe It Nov 21, 2024 Apr 24, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
CVE-2022-1380 1Snipeitapp 1Snipe It Nov 21, 2024 Apr 16, 2022 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
CVE-2022-1155 1Snipeitapp 1Snipe It Nov 21, 2024 Mar 30, 2022 N/A· v4 7.4 HIGH· v3 6.5 MEDIUM· v2 Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10.
CVE-2022-0622 1Snipeitapp 1Snipe It Nov 21, 2024 Feb 17, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
CVE-2022-0611 1Snipeitapp 1Snipe It Feb 24, 2026 Feb 16, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
CVE-2022-0579 1Snipeitapp 1Snipe It Feb 24, 2026 Feb 14, 2022 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
CVE-2022-0569 1Snipeitapp 1Snipe It Feb 24, 2026 Feb 14, 2022 N/A· v4 4.3 MEDIUM· v3 4.3 MEDIUM· v2 Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
CVE-2022-0178 1Snipeitapp 1Snipe It Feb 24, 2026 Jan 13, 2022 N/A· v4 5.4 MEDIUM· v3 5.5 MEDIUM· v2 Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
CVE-2022-0179 1Snipeitapp 1Snipe It Nov 21, 2024 Jan 12, 2022 N/A· v4 5.4 MEDIUM· v3 4.9 MEDIUM· v2 snipe-it is vulnerable to Missing Authorization
CVE-2021-4130 1Snipeitapp 1Snipe It Nov 21, 2024 Dec 18, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4108 1Snipeitapp 1Snipe It Nov 21, 2024 Dec 14, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4089 1Snipeitapp 1Snipe It Nov 21, 2024 Dec 10, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 snipe-it is vulnerable to Improper Access Control

Previous 123 Next