Snipe It
by Snipeitapp
Source repositories
CVEs (46)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3931 | 0.00 | — | 0.00 | Nov 13, 2021 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | |||
| CVE-2021-3938 | 0.00 | — | 0.01 | Nov 13, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||
| CVE-2021-3879 | 0.00 | — | 0.01 | Oct 19, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||
| CVE-2021-3863 | 0.00 | — | 0.01 | Oct 19, 2021 | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||
| CVE-2021-3858 | 0.00 | — | 0.01 | Oct 19, 2021 | snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) | |||
| CVE-2019-10118 | 0.00 | — | 0.01 | Mar 27, 2019 | Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. |
- CVE-2021-3931Nov 13, 2021risk 0.00cvss —epss 0.00
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
- CVE-2021-3938Nov 13, 2021risk 0.00cvss —epss 0.01
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-3879Oct 19, 2021risk 0.00cvss —epss 0.01
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-3863Oct 19, 2021risk 0.00cvss —epss 0.01
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE-2021-3858Oct 19, 2021risk 0.00cvss —epss 0.01
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
- CVE-2019-10118Mar 27, 2019risk 0.00cvss —epss 0.01
Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
Page 3 of 3