Lucene search

@huntrdevCVE-2023-5452

HistoryOct 06, 2023 - 8:15 p.m.

CVE-2023-5452

2023-10-0620:15:11

CWE-79

@huntrdev

web.nvd.nist.gov

cve-2023-5452

cross-site scripting

xss

github

snipe/snipe-it

nvd

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.8%

JSON

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2.

Affected configurations

Nvd

Node

snipeitappsnipe-itRange<6.2.2

VendorProductVersionCPE
snipeitappsnipe-it*cpe:2.3:a:snipeitapp:snipe-it:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
snipeitapp	snipe-it	*	cpe:2.3:a:snipeitapp:snipe-it::::::::

CNA Affected

[
  {
    "vendor": "snipe",
    "product": "snipe/snipe-it",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "v6.2.2",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/snipe/snipe-it/commit/eea2eabaeef16fc8f3a1d61b19c06e9fc8ed942a

huntr.dev/bounties/d6ed5ac1-2ad6-45fd-9492-979820bf60c8