CVE-2022-3035
Published 2022-08-29
CVE-2022-3035: Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
Priority: P4 · 19 · medium · 4.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.60% (44.0th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snipe | snipe-it | >= 0 < 6.0.11 | 6.0.11 |
| snipe | snipe_snipe-it | >= unspecified < v6.0.11 | v6.0.11 |
| snipeitapp | snipe-it | < 6.0.11 | 6.0.11 |
CVSS provenance
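| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L |
| cisa | | 7.5 | HIGH | |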
GHSA
snipe-it vulnerable to cross-site scripting (XSS)
ghsa·2022-08-30
CVE-2022-3035 [MEDIUM] CWE-79 snipe-it vulnerable to cross-site scripting (XSS)
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
OSV
snipe-it vulnerable to cross-site scripting (XSS)
osv·2022-08-30
CVE-2022-3035 [MEDIUM] snipe-it vulnerable to cross-site scripting (XSS)
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
CISA
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
cisa·2022-03-25·CVSS 7.5
CVE-2010-3035 [HIGH] CWE-20 Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Vulnerability: Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Affected: Cisco IOS XR
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2010-3035
Remediation Due Date: 2022-04-15
CISA
TP-Link Multiple Archer Devices Directory Traversal Vulnerability
cisa·2022-03-25·CVSS 7.5
CVE-2015-3035 [HIGH] CWE-22 TP-Link Multiple Archer Devices Directory Traversal Vulnerability
Vulnerability: TP-Link Multiple Archer Devices Directory Traversal Vulnerability
Affected: TP-Link Multiple Archer Devices
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-3035
Remediation Due Date: 2022-04-15
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-08-29