Stored Cross-Site Scripting Vulnerability in Snipe-IT by Snipe-IT Ltd.
CVE-2024-51093
8.7 HIGH
What is CVE-2024-51093?
A stored cross-site scripting (XSS) vulnerability exists in Snipe-IT version 7.0.13. It allows an attacker to upload a specially crafted XML file that contains embedded JavaScript code. If the payload executes, it could lead to privilege escalation, allowing the attacker to gain super admin permissions within the Snipe-IT system. The potential impact includes compromised data integrity and unauthorized access to sensitive configuration settings, significantly affecting system security.
