GHSA-363q-j92x-7543

Source

https://github.com/advisories/GHSA-363q-j92x-7543

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-363q-j92x-7543/GHSA-363q-j92x-7543.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-363q-j92x-7543

Aliases

CVE-2022-44380

Published

2022-12-25T06:30:21Z

Modified

2025-04-15T16:17:15.947202Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Snipe-IT vulnerable to Cross Site Scripting for View Assigned Assets

Details

Snipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.

Database specific

{
    "github_reviewed": true,
    "severity": "MODERATE",
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": "2022-12-25T05:15:00Z",
    "github_reviewed_at": "2022-12-30T17:18:49Z"
}

References

Affected packages

Packagist / snipe/snipe-it

Package

Name: snipe/snipe-it
Purl: pkg:composer/snipe/snipe-it

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.0.14

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.2.0

v0.3.0-alpha

v0.3.7-alpha

v0.3.8-alpha

v0.3.9-alpha

v0.3.10-alpha

v0.3.11-alpha

v1.*

v1.0

v1.1

v1.2.0

v1.2.1

v1.2.2

v1.2.3-beta

v1.2.3

v1.2.4-beta

v1.2.4

v1.2.5

v1.2.6-beta

v1.2.6

v1.2.6.1

v1.2.7-beta

v1.2.7

v1.2.8

v1.2.9

v1.2.10

v1.2.11

v2.*

v2.0-beta

v2.0-RC-1

v2.0

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.1.0

v2.1.1

v2.1.2

v3.*

v3.0-alpha

v3.0-alpha2

v3.0-beta.1

v3.0-beta.2

v3.0-beta.3

v3.0

v3.0.0-beta

v3.1.0

v3.3.0-beta

v3.3.0

v3.4

v3.4.0-alpha

v3.4.0-beta

v3.5.0-beta

v3.5.0-beta2

v3.5.0

v3.5.1

v3.5.2

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

3.*

3.2.0

Other

v4-beta3

v4-beta4

v4.*

v4.0-alpha

v4.0-alpha-2

v4.0-beta

v4.0-beta2

v4.0-beta5

v4.0-beta6

v4.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8

v4.0.9

v4.0.10

v4.0.11

v4.0.12

v4.0.13

v4.0.14

v4.0.15

v4.1.0-beta

v4.1.0-beta2

v4.1.0

v4.1.1

v4.1.2

v4.1.3

v4.1.4

v4.1.5

v4.1.6

v4.1.7

v4.1.8

v4.1.9

v4.1.10

v4.1.11

v4.1.12

v4.1.13

v4.1.14

v4.2.0

v4.3.0

v4.4.0

v4.4.1

v4.5.0

v4.6.0

v4.6.1

v4.6.2

v4.6.3

v4.6.4

v4.6.5

v4.6.6

v4.6.7

v4.6.8

v4.6.9

v4.6.10

v4.6.11

v4.6.12

v4.6.13

v4.6.14

v4.6.15

v4.6.16

v4.6.17

v4.6.18

v4.7.0

v4.7.1

v4.7.2

v4.7.3

v4.7.4

v4.7.5

v4.7.6

v4.7.7

v4.7.8

v4.8.0

v4.9.0

v4.9.1

v4.9.2

v4.9.3

v4.9.4

v4.9.5

v5.*

v5.0.0-beta-1.0

v5.0.0-beta-1.1

v5.0.0-beta-2

v5.0.0-beta-3.0

v5.0.0-beta-4

v5.0.0-beta-5

v5.0.0

v5.0.1

v5.0.2

v5.0.3

v5.0.4

v5.0.5

v5.0.6

v5.0.7

v5.0.8

v5.0.9

v5.0.10

v5.0.11

v5.0.12

v5.1.0

v5.1.1

v5.1.2

v5.1.3

v5.1.4

v5.1.5

v5.1.6

v5.1.7

v5.1.8

v5.2.0

v5.3.0

v5.3.1

v5.3.2

v5.3.3

v5.3.4

v5.3.5

v5.3.6

v5.3.7

v5.3.8

v5.3.9

v5.3.10

v5.4.0

v5.4.1

v5.4.2

v5.4.3

v5.4.4

v6.*

v6.0.0-RC-1

v6.0.0-RC-2

v6.0.0-RC-3

v6.0.0-RC-4

v6.0.0-RC-5

v6.0.0-RC-6

v6.0.0-RC-7

v6.0.0-RC-8

v6.0.0

v6.0.1

v6.0.2

v6.0.3

v6.0.4

v6.0.5

v6.0.6

v6.0.7

v6.0.8

v6.0.9

v6.0.10

v6.0.11

v6.0.12

v6.0.13