Home > Vulnerability Database > CVE-2022-1380

Mend.io Vulnerability Database

CVE-2022-1380

Good to know:

Date: April 16, 2022

Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.

Language: PHP

Severity Score

5.4

Related Resources (5)

Url: https://github.com/snipe/snipe-it

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-1380

Url: https://github.com/snipe/snipe-it/commit/f211c11034baf4281aa62e7b5e0347248d995ee9

Url: https://huntr.dev/bounties/3d45cfca-3a72-4578-b735-98837b998a12

Url: https://www.mend.io/vulnerability-database/CVE-2022-1380

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version snipe/snipe-it - dev-features/add_accept_pdf_to_asset_endpoint;snipe/snipe-it - dev-snyk-upgrade-f710172d80462b13e2afd012e062cd5d;snipe/snipe-it - dev-snyk-upgrade-9826430530842ed3fefb3dd1972343cc;snipe/snipe-it - dev-dependabot/github_actions/docker/build-push-action-5;snipe/snipe-it - v6.0.0-RC-1;snipe/snipe-it - dev-bug/check_for_valid_category_on_print;snipe/snipe-it - dev-snyk-fix-109de929f33df8035195d2e8d005af8b;snipe/snipe-it - dev-snyk-upgrade-c984383061fd11ea3aa23a32407aa002;snipe/snipe-it - dev-fixes/added_2fa_string;snipe/snipe-it - dev-develop-v6-integration;snipe/snipe-it - dev-more_print_fixes;snipe/snipe-it - dev-snyk-fix-3c0a826cc3528a757a82b73bdac60569;snipe/snipe-it - dev-feature/google_login_more_prominent;snipe/snipe-it - dev-fix_for_qr_on_old_label_engine;snipe/snipe-it - dev-features/blade_component_for_submit;snipe/snipe-it - dev-snyk-upgrade-bcc306620433a4ebeaaed8c3e4d4c9eb;snipe/snipe-it - dev-snyk-upgrade-23af2ac368155dc386040447ab4dee5e;snipe/snipe-it - dev-snyk-upgrade-48895ab5d277cdb4eb4964f8cdb50fa9;snipe/snipe-it - dev-snyk-upgrade-f577261903c8b2bcda8908451c578b66;snipe/snipe-it - dev-fixes/handle_arrays_on_validation_failure;snipe/snipe-it - v2.0;snipe/snipe-it - dev-dependabot/github_actions/develop/codacy/codacy-analysis-cli-action-4.4.0;snipe/snipe-it - dev-edit_eol_from_bulk;snipe/snipe-it - dev-fixes/fix_crash_on_purged_models_in_activity_report;snipe/snipe-it - dev-fixes/no-NO-language;snipe/snipe-it - v5.4.0;snipe/snipe-it - dev-better_handle_inline_files;snipe/snipe-it - dev-features/adds_license_checkin_checkout_to_all_in_gui;snipe/snipe-it - v4.7.5;snipe/snipe-it - dev-features/google_socialite;snipe/snipe-it - v5.4.3;snipe/snipe-it - dev-fixes/make_boolean_user_fields_more_consistant;snipe/snipe-it - dev-improve_safety_csv_charset_detection;snipe/snipe-it - dev-snyk-upgrade-a83a4a1aa505b3530304a69dc8db7157;snipe/snipe-it - dev-fixes/fmcs_edit_user;snipe/snipe-it - dev-fixes/array_key_in_import;snipe/snipe-it - dev-dependabot/github_actions/develop/codacy/codacy-analysis-cli-action-4.4.1;snipe/snipe-it - dev-fixes/fixed_accessory_not_found_string

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-1380

Good to know:

Date: April 16, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?