huntr: snipe/snipe-it

snipe / snipe-it

A free open source IT asset/license management system

Submit a report

FIRST INTERACTION

WITHIN1 DAY

REVIEW

WITHIN5 DAYS

FIX

WITHIN5 DAYS

snipe

CSRF in Send Reminder

Oct 11th 2023

hainguyen0207•

Medium

Medium

•CVE-2023-5511

snipe

Open Redirect Vulnerability

Oct 11th 2023

hainguyen0207•

self closed

snipe

Stored Cross Site Scripting (XSS)

Oct 6th 2023

shahzaibak96•

Medium

Medium

•CVE-2023-5452

snipe

CSV Injection in CSV files generated by the backend

Sep 30th 2022

Low

Low

snipe

Reflected XSS on searchbar (on top)

Sep 12th 2022

not applicable

snipe

Stored Cross-Site Scripting (XSS)

Aug 29th 2022

Medium

Medium

•CVE-2022-3035

snipe

Improper Authentication

Sep 16th 2022

Medium

Medium

•CVE-2022-3173

snipe

Session Fixation

Aug 25th 2022

Medium

Medium

•CVE-2022-2997

snipe

Username can be enumerated by password reset endpoint

Jun 22nd 2022

Low

Low

snipe

Able to create an user with a long password as well as long username

May 13th 2022

Low

Low

snipe

Session cookie is not invalidated on logout

May 1st 2022

pending

snipe

Stored Cross Site Scripting vulnerability in the checked_out_to parameter

Apr 24th 2022

Critical

•$55

Critical

•$55•CVE-2022-1445

snipe

purchase_cost can be set negative

Apr 15th 2022

not applicable

snipe

Incorrect Privilege Assignment

Apr 28th 2022

not applicable

snipe

Bussiness Logic Error at checkout function

Apr 14th 2022

pending

snipe

Stored Cross Site Scripting vulnerability in Item name parameter

Apr 15th 2022

Critical

•$55

Critical

•$55•CVE-2022-1380

snipe

Old sessions are not blocked by the login enable function.

Mar 29th 2022

lekhang123lc•

High

•$30

High

•$30•CVE-2022-1155

snipe

Improper Access Control

Apr 28th 2022

shubh123-tri•

Medium

•$48.6

Medium

•$48.6•CVE-2022-1511

snipe

Exposure of Sensitive Information to an Unauthorized Actor

Feb 11th 2022

thebinitghimire•

Medium

Medium

•CVE-2022-0569

snipe

Generation of Error Message Containing Sensitive Information

Feb 16th 2022

thebinitghimire•

Medium

•$3.4

Medium

•$3.4•CVE-2022-0622

snipe

Improper Privilege Management

Feb 13th 2022

shubh123-tri•

Medium

•$55

Medium

•$55•CVE-2022-0579

snipe

Incorrect Privilege Assignment

Feb 11th 2022

Medium

•$66

Medium

•$66

snipe

Improper Privilege Management

Feb 14th 2022

Medium

•$77

Medium

•$77•CVE-2022-0611

snipe

Improper Access Control

Jan 13th 2022

Medium

•$33.4

Medium

•$33.4•CVE-2022-0178

snipe

Improper Access Control

Jan 11th 2022

Medium

•$105

Medium

•$105•CVE-2022-0179

snipe

Cross-Site Request Forgery (CSRF)

Dec 17th 2021

Medium

•$48.6

Medium

•$48.6•CVE-2021-4130

snipe

Cross-site Scripting (XSS) - Stored

Dec 13th 2021

Medium

Medium

•CVE-2021-4108

snipe

Improper Access Control

Dec 9th 2021

Medium

•$95

Medium

•$95•CVE-2021-4089

snipe

Server-Side Request Forgery (SSRF)

Dec 6th 2021

Low

•$106.4

Low

•$106.4•CVE-2021-4075

snipe

Cross-site Scripting (XSS) - Stored

Nov 25th 2021

Medium

Medium

•CVE-2021-4018

snipe

Cross-site Scripting (XSS) - Stored

Nov 16th 2021

khanhchauminh•

High

•$40

High

•$40•CVE-2021-3961

snipe

Cross-Site Request Forgery (CSRF)

Nov 8th 2021

Medium

•$39

Medium

•$39

snipe

Cross-site Scripting (XSS) - Generic

Nov 9th 2021

Low

•$47.5

Low

•$47.5•CVE-2021-3938

snipe

Cross-Site Request Forgery (CSRF)

Nov 5th 2021

Medium

•$123.5

Medium

•$123.5•CVE-2021-3931

snipe

Cross-site Scripting (XSS) - Stored

Oct 15th 2021

Medium

Medium

•CVE-2021-3879

snipe

Insufficient Granularity of Access Control

Oct 8th 2021

Medium

•$40

Medium

•$40

snipe

Cross-site Scripting (XSS) - Generic

Oct 6th 2021

Medium

•$10

Medium

•$10•CVE-2021-3863

snipe

Cross-Site Request Forgery (CSRF)

Oct 5th 2021

Medium

•$120

Medium

•$120•CVE-2021-3858

snipe

The UI Performs the Wrong Action

Oct 4th 2021

Medium

•$80

Medium

•$80

CRITICAL

$0

HIGH

$0

MEDIUM

$0

LOW

$0