cbcvebase.

Snipeitapp Snipe-It vulnerabilities

47 known vulnerabilities affecting snipeitapp/snipe-it.

Total CVEs
47
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH15MEDIUM29LOW1

Vulnerabilities

Page 3 of 3
CVE-2021-3938P4MEDIUMCVSS 5.4≤ 5.3.12021-11-13
CVE-2021-3938 [MEDIUM] CWE-79 CVE-2021-3938: snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site S snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
nvd
CVE-2022-44380P4MEDIUMCVSS 5.4fixed in 6.0.142022-12-25
CVE-2022-44380 [MEDIUM] CWE-79 CVE-2022-44380: Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets. Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.
nvd
CVE-2022-0622P4MEDIUMCVSS 5.3≤ 5.3.10v6.0.02022-02-17
CVE-2022-0622 [MEDIUM] CWE-209 CVE-2022-0622: Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5. Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11.
nvd
CVE-2022-3173P4MEDIUMCVSS 4.3fixed in 6.0.102022-09-17
CVE-2022-3173 [MEDIUM] CWE-287 CVE-2022-3173: Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
nvd
CVE-2022-3035P4MEDIUMCVSS 4.8fixed in 6.0.112022-08-29
CVE-2022-3035 [MEDIUM] CWE-79 CVE-2022-3035: Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.
nvd
CVE-2022-0569P4MEDIUMCVSS 4.3fixed in 5.3.92022-02-14
CVE-2022-0569 [MEDIUM] CWE-203 CVE-2022-0569: Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9.
nvd
CVE-2021-3931P4MEDIUMCVSS 4.3≤ 5.3.12021-11-13
CVE-2021-3931 [MEDIUM] CWE-352 CVE-2021-3931: snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
nvd
Snipeitapp Snipe-It vulnerabilities | cvebase