Exploit Title: SnipeIT 6.2.1 - Stored Cross Site Scripting
Date: 06-Oct-2023
Exploit Author: Shahzaib Ali Khan
Vendor Homepage: https://snipeitapp.com
Software Link: https://github.com/snipe/snipe-it/releases/tag/v6.2.1
Version: 6.2.1
Tested on: Windows 11 22H2 and Ubuntu 20.04
CVE: CVE-2023-5452
Description: SnipeIT 6.2.1 is affected by a stored cross-site scripting
(XSS) feature that allows attackers to execute JavaScript commands. The
location endpoint was vulnerable.
Steps to Reproduce:
1. Login as a standard user [non-admin] > Asset page > List All
2. Click to open any asset > Edit Asset
3. Create new location and add the payload:
<script>alert(document.cookie)</script>
4. Now login to any other non-admin or admin > Asset page > List All
5. Open the same asset of which you can change the location and the payload
will get executed.