Filtered by vendor Snipeitapp Subscriptions
Total 36 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-0179 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
snipe-it is vulnerable to Missing Authorization
CVE-2022-0178 1 Snipeitapp 1 Snipe-it 2024-11-21 6.3 Medium
Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.
CVE-2021-4130 1 Snipeitapp 1 Snipe-it 2024-11-21 8.8 High
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-4108 1 Snipeitapp 1 Snipe-it 2024-11-21 6.1 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-4089 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 Medium
snipe-it is vulnerable to Improper Access Control
CVE-2021-4075 1 Snipeitapp 1 Snipe-it 2024-11-21 7.2 High
snipe-it is vulnerable to Server-Side Request Forgery (SSRF)
CVE-2021-4018 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3961 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3938 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3931 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 Medium
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-3879 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3863 1 Snipeitapp 1 Snipe-it 2024-11-21 6.1 Medium
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3858 1 Snipeitapp 1 Snipe-it 2024-11-21 8.8 High
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2019-10118 1 Snipeitapp 1 Snipe-it 2024-11-21 N/A
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
CVE-2024-51094 1 Snipeitapp 1 Snipe-it 2024-11-19 8 High
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
CVE-2024-48987 1 Snipeitapp 1 Snipe-it 2024-10-15 6.6 Medium
Snipe-IT before 7.0.10 allows remote code execution (associated with cookie serialization) when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values.