CVE-2024-51093

HIGH EPSS 32.1%

Published Nov 12, 20241y ago · Modified Jun 17, 20261w ago

8.7 CVSS 3.1

High

Published Nov 12, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payload is executed, granting the attacker super admin permissions within the Snipe-IT system.

CVSS Details

Base Score

8.7

Exploitability

2.3

Impact

5.8

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

32.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor	Product	Version	Range
snipeitapp	snipe-it	7.0.13	any

References 1

gist.githubusercontent.com https://gist.githubusercontent.com/Tommywarren/ca70f1c43f4ec34dc19cd13459535780/raw/d13192ae50bc7c024b922412dfa3f530faa8d5db/CVE-2024-51093

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.