XSS in Grokability Snipe-it
CVE-2026-55466
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSa…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Grokability Snipe-it — versions < 8.6.2
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)