CVE-2024-51093: Cross Site Scripting vulnerability in Snipe-IT

November 12, 2024 (updated November 18, 2024)

Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files.

References

gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093
github.com/advisories/GHSA-hw9x-8m75-4vjq
github.com/snipe/snipe-it
nvd.nist.gov/vuln/detail/CVE-2024-51093

Code Behaviors & Features

Detect and mitigate CVE-2024-51093 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →