Snipe-IT before 8.3.4 is vulnerable to stored XSS: a low-privileged authenticated user can inject JavaScript that executes in an administrator's session, enabling privilege escalation.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| snipe/snipe-it (Packagist) | 0 | 8.3.4 | N/A |

CVSS Metrics