oss-sec mailing list archives

Multiple vulnerabilities in Snipe-IT


From: Charalampos Maraziaris <cmaraziaris () census-labs com>
Date: Fri, 23 Dec 2022 20:42:51 +0200

Hello all,

I have identified an XSS (CVE-2022-44380) and a user fingerprinting issue (CVE-2022-44381) in Snipe-IT versions prior to 6.0.14.

There's more information about these issues here:
https://census-labs.com/news/2022/12/23/multiple-vulnerabilities-in-snipe-it/

The Snipe-IT project has patched CVE-2022-44380 in version 6.0.14, but CVE-2022-44381 has yet to be addressed correctly.

Best Regards,

Charalampos Maraziaris
