Medium severity6.4OSV Advisory· Published Feb 3, 2026· Updated Apr 15, 2026
CVE-2019-25264
CVE-2019-25264
Description
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 3.2.0, v3.0, v3.0-alpha, …
- Range: = 4.7.5
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.