CVE-2024-51093
Published 2024-11-12
Priority: P3 · 40 · high · 8.7 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.40% (32.0th percentile)
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| snipe | snipe-it | 0 – 7.0.13 | — |
| snipeitapp | snipe-it | — | — |
GHSA
Cross Site Scripting vulnerability in Snipe-IT
ghsa·2024-11-12
CVE-2024-51093 [HIGH] CWE-79 Cross Site Scripting vulnerability in Snipe-IT
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files.
OSV
Cross Site Scripting vulnerability in Snipe-IT
osv·2024-11-12
CVE-2024-51093 [HIGH] Cross Site Scripting vulnerability in Snipe-IT
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-11-12