0.001 Low
EPSS
Percentile
21.4%
Snipe-IT prior to version 5.4.3 is vulnerable to stored cross-site scripting because the input to the checked_out_to parameter is not escaped. The vulnerability is capable of stealing a user’s cookie.
checked_out_to
github.com/snipe/snipe-it
github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41
huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd
nvd.nist.gov/vuln/detail/CVE-2022-1445