snipe-it is vulnerable to Cross-site Scripting · CVE-2021-3938 · GitHub Advisory Database · GitHub

snipe-it is vulnerable to Cross-site Scripting

Low severity GitHub Reviewed Published Nov 15, 2021 to the GitHub Advisory Database • Updated Sep 15, 2023

Package

snipe/snipe-it (Composer)

Affected versions

<= 5.3.1

Patched versions

5.4.0

Description

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

References

Published by the National Vulnerability Database

Nov 13, 2021

Reviewed Nov 15, 2021

Published to the GitHub Advisory Database Nov 15, 2021

Last updated Sep 15, 2023

Severity

Low

3.9

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

High

Privileges required

Low

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N