Stored cross-site scripting in Snipe-IT
Moderate severity
GitHub Reviewed
Published
Apr 25, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Apr 24, 2022
Published to the GitHub Advisory Database
Apr 25, 2022
Reviewed
May 18, 2022
Last updated
Jan 27, 2023
Snipe-IT prior to version 5.4.3 is vulnerable to stored cross-site scripting because the input to the
checked_out_to
parameter is not escaped. The vulnerability is capable of stealing a user's cookie.References