Cross-site Scripting (XSS) - Stored in snipe/snipe-it
Valid
Reported on
Nov 21st 2021
Description
Cross site scripting vulnerability in checkout page in notes field
Proof of Concept
1.Login to the demo page.
Go to accessories , select any product and add payload in the checkout notes
click save and open the product xss will trigger
payload = "><iMg SrC="x" oNeRRor="alert(1);">
Impact
This vulnerability is capable of stolen the user cookie
We are processing your report and will contact the
snipe/snipe-it
team within 24 hours.
a year ago
Asura-N modified the report
a year ago
Asura-N modified the report
a year ago
We have contacted a member of the
snipe/snipe-it
team and are waiting to hear back
a year ago
to join this conversation