snipe/snipe-it Security Advisories for v7.0.7 (8)
- [MEDIUM] Snipe-IT allows stored XSS via the Locations "Country" field
PKSA-wtqq-tf96-nxmc CVE-2025-65622 GHSA-4g25-wj72-chxg
Affected version: <8.3.4
Reported by: GitHub
- [MEDIUM] Snipe-IT is vulnerable to stored cross-site scripting
PKSA-czzq-6v8k-876d CVE-2025-65621 GHSA-fww5-m9wc-jcjc
Affected version: <8.3.4
Reported by: GitHub
- [MEDIUM] Snipe-IT has Cross-site Scripting vulnerability in CSV import workflow
PKSA-c9tc-ctjb-ht9h CVE-2025-64027 GHSA-8x9v-8qgj-945x
Affected version: <=8.3.4
Reported by: GitHub
- [MEDIUM] Snipe-IT allows unsafe deserialization
PKSA-xzw3-k89w-sm61 CVE-2025-59713 GHSA-phwj-fgch-xvrj
Affected version: <8.1.18
Reported by: GitHub
- [MEDIUM] Snipe-IT allows XSS
PKSA-hsvj-t2cd-6x2t CVE-2025-59712 GHSA-c9wp-pr7f-hfqm
Affected version: <8.1.18
Reported by: GitHub
- [MEDIUM] Grokability Snipe-IT has incorrect authorization for accessing asset information
PKSA-vcwy-q31n-p6vy CVE-2025-47226 GHSA-h3vp-qwmx-5j25
Affected version: <8.1.0
Reported by: GitHub
- [HIGH] Cross Site Scripting vulnerability in Snipe-IT
PKSA-b5q2-426v-y91n CVE-2024-51093 GHSA-hw9x-8m75-4vjq
Affected version: <=7.0.13
Reported by: GitHub
- [HIGH] Snipe-IT remote code execution
PKSA-xdch-tcv5-mhm5 CVE-2024-48987 GHSA-57qh-vmjr-5jxg
Affected version: <7.0.10
Reported by: GitHub