CVE-2026-55464 in snipe-it
Сводка
по MITRE • 10.07.2026
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, CommonMark escapes raw HTML but does not sanitize javascript: URIs in Markdown hyperlinks, allowing a user with assets.edit permission to place a malicious link in a markdown-textarea custom field that executes arbitrary JavaScript when another user opens the asset detail page and clicks the link. This issue is fixed in version 8.6.2.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.