Vulnerability Database

321,822

Total vulnerabilities in the database

CVE-2019-25264

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.

Published: Feb 3, 2026
Updated: Feb 4, 2026
CVE: CVE-2019-25264
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.4
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://github.com/snipe/snipe-it/releases/tag/v4.7.5
https://snipeitapp.com/
https://www.exploit-db.com/exploits/47756
https://www.vulncheck.com/advisories/snipe-it-open-source-asset-management-persistent-cross-site-scripting

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo