CNNVD-202602-389 Information
CNNVD ID
CNNVD-202602-389
Related CVE
- CNNVD Published: 2026-02-03
Description (Chinese)
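Snipe-IT is an open-source IT asset/license management system from Grokability. Snipe-IT version 4.7.5 has a cross-site scripting vulnerability, which arises because authorized users can upload malicious SVG files containing embedded JavaScript, which may lead to the execution of arbitrary JavaScript.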
Description (English)
Snipe-IT is an open-source IT asset/license management system developed by Grokability. Snipe-IT version 4.7.5 contains a cross-site scripting vulnerability: authorized users can upload malicious SVG files containing embedded JavaScript, which could lead to the execution of arbitrary JavaScript.
Hazard Level
High
Vulnerability Type
Cross-site scripting
Affected Vendor
Grokability
Published
2026-02-03
Last Modified
2026-02-24
References
https://snipeitapp.com/
https://github.com/snipe/snipe-it/releases/tag/v4.7.5
https://www.exploit-db.com/exploits/47756
https://www.vulncheck.com/advisories/snipe-it-open-source-asset-management-persistent-cross-site-scripting
https://access.redhat.com/security/cve/cve-2019-25264
Patch
https://snipeitapp.com/download