Cross Site Scripting Vulnerability in Snipe-IT by Snipe-IT

CVE-2022-44380

What is CVE-2022-44380?

Snipe-IT versions prior to 6.0.14 are susceptible to a Cross Site Scripting (XSS) vulnerability that could allow an attacker to inject malicious scripts into the 'View Assigned Assets' features. This flaw can enable unauthorized access to sensitive information by executing scripts in the context of the user's session. It is crucial for users of Snipe-IT to upgrade to version 6.0.14 or later to mitigate this risk.

References