
We found results for “”
CVE-2021-3879
Good to know:

Date: October 19, 2021
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Language: PHP
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-79Top Fix

Upgrade Version
Upgrade to version snipe/snipe-it - v6.0.0-RC-1;snipe/snipe-it - dev-dependabot/github_actions/docker/build-push-action-5;snipe/snipe-it - dev-features/add_accept_pdf_to_asset_endpoint;snipe/snipe-it - dev-bug/check_for_valid_category_on_print;snipe/snipe-it - dev-fixes/added_2fa_string;snipe/snipe-it - dev-feature/google_login_more_prominent;snipe/snipe-it - dev-snyk-fix-109de929f33df8035195d2e8d005af8b;snipe/snipe-it - dev-snyk-upgrade-c984383061fd11ea3aa23a32407aa002;snipe/snipe-it - dev-dependabot/github_actions/develop/codacy/codacy-analysis-cli-action-4.4.1;snipe/snipe-it - dev-fixes/apply_v6_currency_formatter;snipe/snipe-it - dev-snyk-upgrade-d1d4efb81b36300732134b2424e46428;snipe/snipe-it - dev-features/google_socialite;snipe/snipe-it - dev-security/snyk_Upgrade-jspdf-autotable-from-3.8.1-to-3.8.2-14365;snipe/snipe-it - dev-fixes/make_boolean_user_fields_more_consistant;snipe/snipe-it - dev-fixes/fixed_accessory_not_found_string;snipe/snipe-it - dev-dependabot/github_actions/develop/codacy/codacy-analysis-cli-action-4.4.0;snipe/snipe-it - dev-snyk-upgrade-48895ab5d277cdb4eb4964f8cdb50fa9;snipe/snipe-it - dev-improve_safety_csv_charset_detection;snipe/snipe-it - dev-dependabot/github_actions/actions/checkout-4;snipe/snipe-it - dev-better_handle_inline_files;snipe/snipe-it - dev-fix_for_qr_on_old_label_engine;snipe/snipe-it - dev-fixes/no-NO-language;snipe/snipe-it - dev-dependabot/github_actions/codacy/codacy-analysis-cli-action-4.2.0;snipe/snipe-it - dev-edit_eol_from_bulk;snipe/snipe-it - dev-fixes/fix_crash_on_purged_models_in_activity_report;snipe/snipe-it - v5.3.0;snipe/snipe-it - dev-snyk-upgrade-23af2ac368155dc386040447ab4dee5e;snipe/snipe-it - dev-features/blade_component_for_submit;snipe/snipe-it - dev-snyk-upgrade-bcc306620433a4ebeaaed8c3e4d4c9eb;snipe/snipe-it - dev-fixes/handle_arrays_on_validation_failure
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | SINGLE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |