CVE-2019-25264

Sažetak

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.

Reference

https://github.com/snipe/snipe-it/releases/tag/v4.7.5
https://snipeitapp.com/
https://www.exploit-db.com/exploits/47756
https://www.vulncheck.com/advisories/snipe-it-open-source-asset-management-persistent-cross-site-scripting

CVSS

Base:	6.4
Impact:	2.7
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

04-02-2026 - 16:34

Objavljeno

03-02-2026 - 18:16