PT-2026-5800 · Snipeitapp+1 · It Open Source Asset Management+1
Published
2026-02-03
·
Updated
2026-02-03
·
CVE-2019-25264
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Snipe-IT version 4.7.5
Description
A persistent cross-site scripting issue allows authorized users to upload malicious SVG files containing embedded JavaScript. An attacker can craft these SVG files with script tags to execute arbitrary JavaScript in the browser of other users when they view the accessory.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
It Open Source Asset Management
Snipe-It