CVE-2026-44831 - Snipe-IT has Stored XSS via Component Checkout Notes (v8.4.0)
📡 GitHub-Advisory · 2026-05-08
GHSA-r42m-953q-6vjx | Severity: MEDIUM | Package: composer/snipe/snipe-it
Impact
The notes column for component checkouts was rendered without escaping, so users with component view access could be affected by stored XSS.
Patches
This was patched in https://github.com/grokability/snipe-it/commit/28f493d84d057895fbb93b6570e7393a2c2fa438, and is fixed in v8.4.1 or greater.
Workarounds
None.