Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:NSnipeitapp Snipe It
APPSnipeitapp7.0.13
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSLPE
Powiązane podatności
CVE-2026-37709CRITICAL9.8PL ✓ten sam produkt
RCE w Snipe-IT — Insecure Permissions w API uploadu plików
CVE-2025-63601CRITICAL9.9PL ✓ten sam produkt
RCE w Snipe-IT via złośliwy plik backup (CVE-2025-63601)
CVE-2026-48507HIGH7.1ten sam produkt
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-adm...
CVE-2026-44832HIGH8.7ten sam produkt
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit...
CVE-2025-15602HIGH8.7ten sam produkt
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insu...