Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
References
Link | Resource |
---|---|
https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41 | Patch Third Party Advisory |
https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd | Exploit Issue Tracking Patch Third Party Advisory |
Configurations
Information
Published : 2022-04-24 08:15
Updated : 2022-05-03 10:23
NVD link : CVE-2022-1445
Mitre link : CVE-2022-1445
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
snipeitapp
- snipe-it