What the vulnerability does
01Description
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3879
MEDIUM
CVE-2021-3879: Cross-site Scripting (XSS) - Stored in snipe/snipe-it
CVSS base score
6.8/10
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
October 19, 2021
CVE published
August 3, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-3630 IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting
CVE-2024-30145 HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability
CVE-2020-15253 Stored XSS in Grocy
CVE-2024-45836
CVE-2022-1971 NextCellent Gallery <= 1.9.35 - Admin+ Stored XSS
