Snipe Snipe-It vulnerabilities
26 known vulnerabilities affecting snipe/snipe_snipe-it.
Total CVEs: 26
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 7, MEDIUM 19
Vulnerabilities
Page 1 of 2
CVE-2023-5452 | P4 | MEDIUM | CVSS 5.4 | PoC | CWE-79 | ≥ unspecified, < v6.2.2 | 2023-10-06
Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.
nvd
CVE-2022-0611 | P3 | HIGH | CVSS 8.8 | CWE-862 | ≥ unspecified, < 5.3.11 | 2022-02-16
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
nvd
CVE-2023-5511 | P3 | HIGH | CVSS 8.8 | CWE-352 | ≥ unspecified, < v.6.2.3 | 2023-10-11
Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.
nvd
CVE-2022-1155 | P3 | HIGH | CVSS 7.4 | CWE-840 | ≥ unspecified, < 5.3.10 | 2022-03-30
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
nvd
CVE-2021-4075 | P3 | HIGH | CVSS 7.2 | CWE-918 | ≥ unspecified, < none | 2021-12-06
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)
nvd
CVE-2021-3858 | P4 | HIGH | CVSS 8.8 | CWE-352 | ≥ unspecified, < 5.3.0 | 2021-10-19
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-0579 | P4 | MEDIUM | CVSS 6.5 | CWE-862 | ≥ unspecified, < 5.3.9 | 2022-02-14
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.
nvd
CVE-2022-1511 | P4 | MEDIUM | CVSS 6.5 | CWE-862 | ≥ unspecified, < 5.4.4 | 2022-04-28
Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4.
nvd
CVE-2021-4130 | P4 | HIGH | CVSS 8.8 | CWE-352 | ≥ unspecified, < 5.3.6 | 2021-12-18
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
CVE-2022-2997 | P4 | HIGH | CVSS 8.0 | CWE-384 | ≥ unspecified, < 6.0.10 | 2022-08-25
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.
nvd
CVE-2022-0178 | P4 | MEDIUM | CVSS 5.4 | CWE-862 | ≥ unspecified, < 5.3.8 | 2022-01-13
Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8.
nvd
CVE-2022-1380 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < v5.4.3 | 2022-04-16
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability can be used to steal the user's cookie.
nvd
CVE-2022-1445 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 5.4.3 | 2022-04-24
Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability can be used to steal the user's cookie.
nvd
CVE-2021-4108 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 5.3.5 | 2021-12-14
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2021-3863 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 5.3.0 | 2021-10-19
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2021-3879 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 5.3.0 | 2021-10-19
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2021-3961 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 5.3.2 | 2021-11-19
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2021-4018 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 5.3.3 | 2021-12-01
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2021-3938 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, ≤ 5.3.1 | 2021-11-13
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2022-0622 | P4 | MEDIUM | CVSS 5.3 | CWE-209 | ≥ unspecified, < 5.3.11 | 2022-02-17
Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
nvd