Snipe It
by Snipeitapp
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-3173 | | | 0.00 | — | 0.01 | | Sep 17, 2022 | Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. |
| CVE-2022-3035 | | | 0.00 | — | 0.01 | | Aug 29, 2022 | Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11. |
| CVE-2022-2997 | | | 0.00 | — | 0.01 | | Aug 25, 2022 | Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. |
| CVE-2022-23064 | | | 0.00 | — | 0.01 | | May 2, 2022 | In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus… |
| CVE-2022-1511 | | | 0.00 | — | 0.01 | | Apr 28, 2022 | Missing Authorization in GitHub repository snipe/snipe-it prior to 5.4.4. |
| CVE-2022-1445 | | | 0.00 | — | 0.01 | | Apr 24, 2022 | Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stealing the user's cookie. |
| CVE-2022-1380 | | | 0.00 | — | 0.01 | | Apr 16, 2022 | Stored Cross Site Scripting vulnerability in the Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stealing the user's cookie. |
| CVE-2022-1155 | | | 0.00 | — | 0.01 | | Mar 30, 2022 | Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10. |
| CVE-2022-0622 | | | 0.00 | — | 0.01 | | Feb 17, 2022 | Generation of Error Message Containing Sensitive Information in Packagist snipe/snipe-it prior to 5.3.11. |
| CVE-2022-0611 | | | 0.00 | — | 0.01 | | Feb 15, 2022 | Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. |
| CVE-2022-0579 | | | 0.00 | — | 0.01 | | Feb 14, 2022 | Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9. |
| CVE-2022-0569 | | | 0.00 | — | 0.01 | | Feb 12, 2022 | Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. |
| CVE-2022-0178 | | | 0.00 | — | 0.01 | | Jan 13, 2022 | Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8. |
| CVE-2022-0179 | | | 0.00 | — | 0.01 | | Jan 12, 2022 | snipe-it is vulnerable to Missing Authorization |
| CVE-2021-4130 | | | 0.00 | — | 0.00 | | Dec 18, 2021 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2021-4108 | | | 0.00 | — | 0.01 | | Dec 14, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-4089 | | | 0.00 | — | 0.01 | | Dec 10, 2021 | snipe-it is vulnerable to Improper Access Control |
| CVE-2021-4075 | | | 0.00 | — | 0.01 | | Dec 6, 2021 | snipe-it is vulnerable to Server-Side Request Forgery (SSRF) |
| CVE-2021-4018 | | | 0.00 | — | 0.01 | | Dec 1, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| CVE-2021-3961 | | | 0.00 | — | 0.01 | | Nov 19, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Page 2 of 3