GHSA-r42m-953q-6vjxMediumCVSS 4.8
Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
🔗 CVE IDs covered (1)
📋 Description
Impact
Users with component view access could be impacted by an unescaped notes column.
Patches
This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater.
Workarounds
None.
🎯 Affected products1
- composer/snipe/snipe-it:< 8.4.1