CNNVD-202511-2318 Information

CNNVD ID

CNNVD-202511-2318

CVE-2025-64027

  • CNNVD Published: 2025-11-20

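Description (translated from Chinese)

Snipe-IT is an open-source IT asset/license management system from Grokability. Snipe-IT v8.3.4 contains a security vulnerability that stems from reflected cross-site scripting in the CSV import workflow, which may lead to the execution of arbitrary JavaScript.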

Description (English)

Snipe-IT is an open-source IT asset/licence management system developed by Grokability. Snipe-IT v8.3.4 has a security vulnerability caused by reflected cross-site scripting (XSS) in the CSV import workflow, which may result in the execution of arbitrary JavaScript.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Grokability

Published

2025-11-20

Last Modified

2026-02-24

References

  • https://github.com/grokability/snipe-it
  • https://github.com/cybercrewinc/CVE-2025-64027/
  • https://access.redhat.com/security/cve/cve-2025-64027

Patch

https://github.com/grokability/snipe-it/releases
