Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it

Valid

Reported on

Apr 23rd 2022


Description

The checked_out_to value is not escaped, which leads to an XSS problem.

Proof of Concept

  1. Log in to the demo account.

  2. Go to Report -> Depreciation Report.

  3. Choose an asset, go to the Assets menu and check it out. Create a new location named '"><img src onerror=alert(3324)> and check the asset out to this location.

  4. Return to the Depreciation Report and refresh; an alert will be triggered.

 '"><img src onerror=alert(3324)>

Impact

The vulnerability can be used to steal the user's cookie.
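
The unescaped-output pattern described in this report, next to an output-encoded version, as an added PHP example (not Snipe-IT's code and not the fix from the referenced commit). The asset_tag field, the sample row and all function names are assumptions made for illustration; only checked_out_to and the location name come from the report.

```php
<?php
// Added illustration, not Snipe-IT code. Field names other than
// checked_out_to, and all function names, are hypothetical.

// Constructed sample row: an asset checked out to a location whose stored
// name is the value from the report's proof of concept.
$row = [
    'asset_tag'      => 'A-0001',
    'checked_out_to' => '\'"><img src onerror=alert(3324)>',
];

// Vulnerable pattern: the stored value is concatenated into markup as-is,
// so the browser parses it as HTML every time the report page is loaded.
function render_row_unescaped(array $row): string
{
    return '<tr><td>' . $row['asset_tag'] . '</td><td>'
         . $row['checked_out_to'] . '</td></tr>';
}

// Hardened pattern: encode each stored value at output time, for the
// context it lands in (here: HTML element content).
function e_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_escaped(array $row): string
{
    return '<tr><td>' . e_html($row['asset_tag']) . '</td><td>'
         . e_html($row['checked_out_to']) . '</td></tr>';
}

$unsafe = render_row_unescaped($row);
$safe   = render_row_escaped($row);

// Check whether each rendering still contains a raw <img element.
var_dump(strpos($unsafe, '<img') !== false);
var_dump(strpos($safe, '<img') !== false);

// The escaped row shows the location name as text instead of markup.
echo $safe, PHP_EOL;
```

In a Laravel Blade view the same distinction is {{ $value }} (escaped) versus {!! $value !!} (raw).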

We are processing your report and will contact the snipe/snipe-it team within 24 hours. 2 years ago
mylong modified the report 2 years ago
mylong submitted a 2 years ago
mylong submitted a 2 years ago
We have contacted a member of the snipe/snipe-it team and are waiting to hear back 2 years ago
snipe validated this vulnerability 2 years ago
mylong has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
snipe marked this as fixed in 5.4.3 with commit f623d0 2 years ago
snipe has been awarded the fix bounty
This vulnerability will not receive a CVE