CVE-2025-65622

Sažetak

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.

Reference

http://snipeitapp.com
https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

02-12-2025 - 17:16

Objavljeno

01-12-2025 - 22:15