CVE-2019-10118

Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API.
References
Link Resource
https://github.com/snipe/snipe-it/pull/6831 Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*

Information

Published : 2019-03-26 21:29

Updated : 2019-03-27 09:49


NVD link : CVE-2019-10118

Mitre link : CVE-2019-10118


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

snipeitapp

  • snipe-it