CVE-2022-1380
published 2022-04-16CVE-2022-1380: Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen…
PriorityP425medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.81%
52.3th percentile
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snipe | snipe-it | >= 0 < 5.4.3 | 5.4.3 |
| snipe | snipe_snipe-it | >= unspecified < v5.4.3 | v5.4.3 |
| snipeitapp | snipe-it | < 5.4.3 | 5.4.3 |
CVSS provenance
nvdv3.15.4MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv3.09.1CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
cisa8.8HIGH
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Cross-site Scripting in snipe-it
osv·2022-04-17
CVE-2022-1380 [MEDIUM] Cross-site Scripting in snipe-it
Cross-site Scripting in snipe-it
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
GHSA
Cross-site Scripting in snipe-it
ghsa·2022-04-17
CVE-2022-1380 [MEDIUM] CWE-79 Cross-site Scripting in snipe-it
Cross-site Scripting in snipe-it
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
Red Hat
kernel: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
vendor_redhat·2025-09-15·CVSS 5.5
CVE-2022-50334 [MEDIUM] CWE-476 kernel: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
kernel: hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
In the Linux kernel, the following vulnerability has been resolved:
hugetlbfs: fix null-ptr-deref in hugetlbfs_parse_param()
Syzkaller reports a null-ptr-deref bug as follows:
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
RIP: 0010:hugetlbfs_parse_param+0x1dd/0x8e0 fs/hugetlbfs/inode.c:1380
[...]
Call Trace:
vfs_parse_fs_param fs/fs_context.c:148 [inline]
vfs_parse_fs_param+0x1f9/0x3c0 fs/fs_context.c:129
vfs_parse_fs_string+0xdb/0x170 fs/fs_context.c:191
generic_parse_monolithic+0x16f/0x1f0 fs/fs_context.c:231
do_new_mount fs/namespace.c:3036 [inline]
path_mount+0x12de/0x1e20 fs/namespace.c:3370
do_mount fs/namespace.c:3383 [inline]
__do_sys_mount fs/namespace.c:3591 [inline]
__se_sys_mount fs/name
CISA
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 8.8
CVE-2020-1380 [HIGH] CWE-787 Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-1380
Remediation Due Date: 2022-05-03
No detection rules found.
No public exploits indexed.
2022-04-16
Published