GHSA-fww5-m9wc-jcjc: Snipe-IT is vulnerable to stored cross-site scripting

December 1, 2025 • Source: GitHub Global Advisories

Snipe-IT versions before 8.3.4 are vulnerable to stored XSS, allowing low-privileged users to escalate privileges via JavaScript injection in admin sessions.

Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.

This article is best viewed with JavaScript enabled. Visit: https://10alert.com/article/ghsa-fww5-m9wc-jcjc-snipe-it-is-vulnerable-to-stored-cross-site-scriptin-e878234c