snipe/snipe-it Security Advisories for v8.3.1 (4)
-
[HIGH] Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment
PKSA-b19f-d499-7h75 CVE-2025-15602 GHSA-5448-v74m-7mv7
Affected version: <8.3.7
Reported by:
GitHub -
[MEDIUM] Snipe-IT allows stored XSS via the Locations "Country" field
PKSA-wtqq-tf96-nxmc CVE-2025-65622 GHSA-4g25-wj72-chxg
Affected version: <8.3.4
Reported by:
GitHub -
[MEDIUM] Snipe-IT is vulnerable to stored cross-site scripting
PKSA-czzq-6v8k-876d CVE-2025-65621 GHSA-fww5-m9wc-jcjc
Affected version: <8.3.4
Reported by:
GitHub -
[MEDIUM] Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow
PKSA-c9tc-ctjb-ht9h CVE-2025-64027 GHSA-8x9v-8qgj-945x
Affected version: <=8.3.4
Reported by:
GitHub