Stored Cross-Site Scripting (XSS) in snipe/snipe-it
Valid
Reported on Aug 28th 2022
Description
Input fields that accept Markdown are vulnerable to stored XSS. Exploiting this requires Superadmin permissions, though.
Proof of Concept
Steps to reproduce:
1. Log in to the admin account.
2. Go to Admin -> General Settings.
3. Enter the payload in the `Login Note` and `Dashboard Message` fields.
4. Go to the Dashboard and confirm the XSS in the dashboard message. Log out and confirm the XSS in the login message.
Payload:
[XSS](javascript:alert(document.location))
Impact
The impact is JavaScript code execution in the browser of any user who views the dashboard or the login page. However, Superadmin privileges are required to edit the vulnerable input fields.
Occurrences
dashboard.blade.php L20
According to the Parsedown README, preventing XSS requires enabling safe mode: $Parsedown->setSafeMode(true);
login.blade.php L31
According to the Parsedown README, preventing XSS requires enabling safe mode: $Parsedown->setSafeMode(true);
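As an added example (not code from the snipe-it project or from this report), the following PHP script renders the report's payload twice: once with Parsedown defaults, which is the pattern the two occurrences above describe, and once with safe mode enabled. It assumes the Parsedown library is installed through Composer; the autoloader path and the renderUnsafe/renderSafe helper names are illustrative.

```php
<?php
// Added example, not snipe-it code. Assumes Parsedown is installed via
// Composer (composer require erusev/parsedown) and that vendor/autoload.php
// sits next to this script.
require __DIR__ . '/vendor/autoload.php';

// The pattern described in the report: Markdown from a privileged settings
// field rendered with Parsedown defaults. A Markdown link whose destination
// uses the javascript: scheme is emitted into the href unchanged.
function renderUnsafe(string $markdown): string
{
    $parsedown = new Parsedown();
    return $parsedown->text($markdown);
}

// Hardened rendering. Safe mode does two things: raw HTML in the input is
// escaped instead of being passed through, and link/image destinations whose
// scheme is not on Parsedown's allow-list (http, https, ftp, mailto, ...) are
// neutralised by percent-encoding the colon, so "javascript:" no longer
// reaches the browser as an executable scheme.
function renderSafe(string $markdown): string
{
    $parsedown = new Parsedown();
    $parsedown->setSafeMode(true);
    return $parsedown->text($markdown);
}

// Constructed sample input: the payload from the report, as it would be
// stored in the Login Note or Dashboard Message setting.
$storedSetting = '[XSS](javascript:alert(document.location))';

echo "Default rendering (vulnerable pattern):\n";
echo renderUnsafe($storedSetting), "\n\n";

echo "Safe-mode rendering (fixed pattern):\n";
echo renderSafe($storedSetting), "\n";
```

Run it with `php render-demo.php` and compare the two href values. Safe mode must be set on every Parsedown instance used for stored content; enabling it in one template does not cover the other, which is why the report lists both dashboard.blade.php and login.blade.php as separate occurrences.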
We are processing your report and will contact the snipe/snipe-it team within 24 hours. (8 months ago)
We have contacted a member of the snipe/snipe-it team and are waiting to hear back. (8 months ago)
login.blade.php#L31 has been validated
dashboard.blade.php#L20 has been validated
