[HIGH] Snipe-IT has sensitive user attributes related to account privileges that are insufficiently protected against mass assignment

PKSA-b19f-d499-7h75 CVE-2025-15602 GHSA-5448-v74m-7mv7

Affected version: <8.3.7

Reported by:
GitHub

[MEDIUM] Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow

PKSA-c9tc-ctjb-ht9h CVE-2025-64027 GHSA-8x9v-8qgj-945x

Affected version: <=8.3.4

Reported by:
GitHub