[HIGH] Cross Site Scripting vulnerability in Snipe-IT

PKSA-b5q2-426v-y91n CVE-2024-51093 GHSA-hw9x-8m75-4vjq

Affected version: <=7.0.13

Reported by:
GitHub

[HIGH] Snipe-IT remote code execution

PKSA-xdch-tcv5-mhm5 CVE-2024-48987 GHSA-57qh-vmjr-5jxg

Affected version: <7.0.10

Reported by:
GitHub

[HIGH] Snipe-IT allows users to promote or demote themselves or other users

PKSA-z8qx-662q-rf8y CVE-2024-5685 GHSA-544r-fc65-v832

Affected version: <6.4.2

Reported by:
GitHub

[HIGH] Cross-Site Request Forgery (CSRF) in snipe/snipe-it

PKSA-vwgv-c27j-814j CVE-2023-5511 GHSA-33vj-r6p6-x4p8

Affected version: <=6.2.2

Reported by:
GitHub

[MEDIUM] Cross-site Scripting in snipe/snipe-it

PKSA-cht9-1vc6-6bmf CVE-2023-5452 GHSA-rr5c-69c9-gj9f

Affected version: <=6.2.1

Reported by:
GitHub

[MEDIUM] Snipe-IT allows attackers to check whether a user account exists

PKSA-jrdw-kz9p-4bz7 CVE-2022-44381 GHSA-qqv9-gqh5-7h99

Affected version: <=6.0.14

Reported by:
GitHub

[MEDIUM] Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets

PKSA-44wz-9w6n-4dr3 CVE-2022-44380 GHSA-363q-j92x-7543

Affected version: <6.0.14

Reported by:
GitHub

[MEDIUM] Snipe-IT vulnerable to Improper Authentication

PKSA-7r6m-2yf6-yhdg CVE-2022-3173 GHSA-fhvv-p968-6vvj

Affected version: <6.0.10

Reported by:
GitHub

[MEDIUM] snipe-it vulnerable to cross-site scripting (XSS)

PKSA-w688-w6zs-zd4h CVE-2022-3035 GHSA-rff2-vqm3-jpv5

Affected version: <6.0.11

Reported by:
GitHub

[MEDIUM] Insufficient Session Expiration in snipe/snipe-it

PKSA-rfx5-qvwj-94st CVE-2022-2997 GHSA-cmxc-9ghj-jp87

Affected version: <6.0.10

Reported by:
GitHub

[MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting via arbitrary file upload in Update Branding Settings

PKSA-8j5v-fmm7-wt5m CVE-2022-32060 GHSA-w82x-xjjr-cjr5

Affected version: <=6.0.2

Reported by:
GitHub

[MEDIUM] Snipe-IT 6.0.2 vulnerable to Cross-site Scripting

PKSA-z58z-h4zh-1zhj CVE-2022-32061 GHSA-xwqx-x38c-cw95

Affected version: <=6.0.2

Reported by:
GitHub