firef0x00/vulnerability-research

Releases0

This repository contains information on the CVEs I found.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-65622 ↗	Dec 1, 2025Monday, 1 December 2025, 22:15	5.4 MEDIUM	—
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
CVE-2025-65621 ↗	Dec 1, 2025Monday, 1 December 2025, 21:15	5.4 MEDIUM	—
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.