CVE-2024-51093

Published Nov 12, 2024

Last updated 3 days ago

Overview

Description
Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.
Source
cve@mitre.org
NVD status
Undergoing Analysis

Social media

Hype score
Not currently trending

  1. CVE-2024-51093 Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/{{user-id}}/#files. https://t.co/MCJ5HnW64n

    @CVEnew

    13 Nov 2024

    597 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References