Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
References
Link | Resource |
---|---|
https://github.com/snipe/snipe-it/pull/6831 | Patch Third Party Advisory |
Configurations
Information
Published : 2019-03-26 21:29
Updated : 2019-03-27 09:49
NVD link : CVE-2019-10118
Mitre link : CVE-2019-10118
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
snipeitapp
- snipe-it