HIGH🇬🇧 English

CVE-2024-51093

CVSS 8.7v3.1pub. 2024-11-12upd. 2024-11-21

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
  • Snipeitapp Snipe It

    APP
    Snipeitapp
    7.0.13
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSLPE
CWE
Referencje

Powiązane podatności

CVE-2026-37709CRITICAL9.8PL ✓ten sam produkt

RCE w Snipe-IT — Insecure Permissions w API uploadu plików

CVE-2025-63601CRITICAL9.9PL ✓ten sam produkt

RCE w Snipe-IT via złośliwy plik backup (CVE-2025-63601)

CVE-2026-48507HIGH7.1ten sam produkt

Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-adm...

CVE-2026-44832HIGH8.7ten sam produkt

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit...

CVE-2025-15602HIGH8.7ten sam produkt

Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insu...