Packagist (Composer) package
snipe/snipe-it
pkg:composer/snipe/snipe-it
Vulnerabilities (46)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3931 | — | <= 5.3.1 | — | Nov 13, 2021 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2021-3938 | — | < 5.4.0 | 5.4.0 | Nov 13, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2021-3879 | — | < 5.3.0 | 5.3.0 | Oct 19, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2021-3863 | — | < 5.3.0 | 5.3.0 | Oct 19, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||
| CVE-2021-3858 | — | < 5.3.0 | 5.3.0 | Oct 19, 2021 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | ||
| CVE-2019-10118 | — | < 4.6.14 | 4.6.14 | Mar 27, 2019 | Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. |
- CVE-2021-3931Nov 13, 2021affected <= 5.3.1
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
- CVE-2021-3938Nov 13, 2021affected < 5.4.0fixed 5.4.0
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-3879Oct 19, 2021affected < 5.3.0fixed 5.3.0
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-3863Oct 19, 2021affected < 5.3.0fixed 5.3.0
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-3858Oct 19, 2021affected < 5.3.0fixed 5.3.0
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
- CVE-2019-10118Mar 27, 2019affected < 4.6.14fixed 4.6.14
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
Page 3 of 3