Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it

Valid

Reported on

Apr 23rd 2022


Description

The checked_out_to parameter is not escaped, which leads to an XSS problem.

Proof of Concept

  1. Log in to the demo account.

  2. Go to Report -> Depreciation Report.

  3. Choose an asset, go to the Assets menu and check it out. Create a new location named '"><img src onerror=alert(3324)> and check the asset out to this location.

  4. Return to the Depreciation Report and refresh; an alert will be triggered.

 '"><img src onerror=alert(3324)>

Impact

The vulnerability can be used to steal the user's cookie.
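The root cause described above, a stored value reaching HTML without output encoding, as an added example in PHP (Snipe-IT's language). It is not Snipe-IT's code or the merged fix; the function names and the span markup are hypothetical. It renders the payload string from the proof of concept with and without encoding and counts the img elements an HTML parser creates from each.

```php
<?php
declare(strict_types=1);

// Constructed sample: the location name is the payload string from the report.
$locationName = '\'"><img src onerror=alert(3324)>';

// Vulnerable pattern (hypothetical markup): the stored value is
// concatenated into the page as-is.
function renderUnescaped(string $name): string
{
    return '<span title="' . $name . '">' . $name . '</span>';
}

// Hardened pattern: encode at output time. ENT_QUOTES covers both quote
// characters, which matters because the payload opens with '" to close a
// quoted attribute before it reaches the <img> tag.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderEscaped(string $name): string
{
    return '<span title="' . escapeHtml($name) . '">' . escapeHtml($name) . '</span>';
}

// Regression check: parse the fragment with an HTML parser and count the
// <img> elements that came into existence. Only <img> is counted because
// that is the element this payload injects.
function countImgElements(string $html): int
{
    $previous = libxml_use_internal_errors(true); // tolerate malformed markup
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('img')->length;
}

foreach (['unescaped' => renderUnescaped($locationName),
          'escaped'   => renderEscaped($locationName)] as $label => $html) {
    printf("%-9s img elements: %d\n", $label, countImgElements($html));
}
```

The encoded rendering keeps the location name visible as text while producing no img element; a check like countImgElements can run in a test suite against any view that displays user-supplied names.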

We are processing your report and will contact the snipe/snipe-it team within 24 hours. a month ago
mylong modified the report
a month ago
mylong submitted a
a month ago
mylong submitted a
a month ago
We have contacted a member of the snipe/snipe-it team and are waiting to hear back a month ago
snipe validated this vulnerability a month ago
mylong has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
snipe confirmed that a fix has been merged on f623d0 a month ago
snipe has been awarded the fix bounty