CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.

Published Dec 4, 2025

https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622 https://github.com/advisories/GHSA-4g25-wj72-chxg

CVSS ScoreMedium

5.4

Ecosystem	Package	Version

Ecosystem	Package	Version

Vulnerabilities

CVE-2025-65622

Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.

Published Dec 4, 2025

https://github.com/firef0x00/vulnerability-research/tree/main/CVE-2025-65622 https://github.com/advisories/GHSA-4g25-wj72-chxg

CVSS ScoreMedium

5.4


composer	snipe/snipe-it	3.2.0
composer	snipe/snipe-it	v0.1.0
composer	snipe/snipe-it	v0.1.1
composer	snipe/snipe-it	v0.1.2
composer	snipe/snipe-it	v0.2.0
composer	snipe/snipe-it	v0.3.0-alpha
composer	snipe/snipe-it	v0.3.10-alpha
composer	snipe/snipe-it	v0.3.11-alpha
composer	snipe/snipe-it	v0.3.7-alpha
composer	snipe/snipe-it	v0.3.8-alpha
composer	snipe/snipe-it	v0.3.9-alpha
composer	snipe/snipe-it	v1.0
composer	snipe/snipe-it	v1.1
composer	snipe/snipe-it	v1.2.0
composer	snipe/snipe-it	v1.2.10
composer	snipe/snipe-it	v1.2.11
composer	snipe/snipe-it	v1.2.1
composer	snipe/snipe-it	v1.2.2
composer	snipe/snipe-it	v1.2.3-beta
composer	snipe/snipe-it	v1.2.3
composer	snipe/snipe-it	v1.2.4-beta
composer	snipe/snipe-it	v1.2.4
composer	snipe/snipe-it	v1.2.5
composer	snipe/snipe-it	v1.2.6-beta
composer	snipe/snipe-it	v1.2.6.1
composer	snipe/snipe-it	v1.2.6
composer	snipe/snipe-it	v1.2.7-beta
composer	snipe/snipe-it	v1.2.7
composer	snipe/snipe-it	v1.2.8
composer	snipe/snipe-it	v1.2.9
composer	snipe/snipe-it	v2.0-RC-1
composer	snipe/snipe-it	v2.0-beta
composer	snipe/snipe-it	v2.0.1
composer	snipe/snipe-it	v2.0.2
composer	snipe/snipe-it	v2.0.3
composer	snipe/snipe-it	v2.0.4
composer	snipe/snipe-it	v2.0.5
composer	snipe/snipe-it	v2.0.6
composer	snipe/snipe-it	v2.0
composer	snipe/snipe-it	v2.1.0
composer	snipe/snipe-it	v2.1.1
composer	snipe/snipe-it	v2.1.2
composer	snipe/snipe-it	v3.0-alpha2
composer	snipe/snipe-it	v3.0-alpha
composer	snipe/snipe-it	v3.0-beta.1
composer	snipe/snipe-it	v3.0-beta.2
composer	snipe/snipe-it	v3.0-beta.3
composer	snipe/snipe-it	v3.0.0-beta
composer	snipe/snipe-it	v3.0
composer	snipe/snipe-it	v3.1.0

Ecosystem	Package	Version


composer	snipe/snipe-it	3.2.0
composer	snipe/snipe-it	v0.1.0
composer	snipe/snipe-it	v0.1.1
composer	snipe/snipe-it	v0.1.2
composer	snipe/snipe-it	v0.2.0
composer	snipe/snipe-it	v0.3.0-alpha
composer	snipe/snipe-it	v0.3.10-alpha
composer	snipe/snipe-it	v0.3.11-alpha
composer	snipe/snipe-it	v0.3.7-alpha
composer	snipe/snipe-it	v0.3.8-alpha
composer	snipe/snipe-it	v0.3.9-alpha
composer	snipe/snipe-it	v1.0
composer	snipe/snipe-it	v1.1
composer	snipe/snipe-it	v1.2.0
composer	snipe/snipe-it	v1.2.10
composer	snipe/snipe-it	v1.2.11
composer	snipe/snipe-it	v1.2.1
composer	snipe/snipe-it	v1.2.2
composer	snipe/snipe-it	v1.2.3-beta
composer	snipe/snipe-it	v1.2.3
composer	snipe/snipe-it	v1.2.4-beta
composer	snipe/snipe-it	v1.2.4
composer	snipe/snipe-it	v1.2.5
composer	snipe/snipe-it	v1.2.6-beta
composer	snipe/snipe-it	v1.2.6.1
composer	snipe/snipe-it	v1.2.6
composer	snipe/snipe-it	v1.2.7-beta
composer	snipe/snipe-it	v1.2.7
composer	snipe/snipe-it	v1.2.8
composer	snipe/snipe-it	v1.2.9
composer	snipe/snipe-it	v2.0-RC-1
composer	snipe/snipe-it	v2.0-beta
composer	snipe/snipe-it	v2.0.1
composer	snipe/snipe-it	v2.0.2
composer	snipe/snipe-it	v2.0.3
composer	snipe/snipe-it	v2.0.4
composer	snipe/snipe-it	v2.0.5
composer	snipe/snipe-it	v2.0.6
composer	snipe/snipe-it	v2.0
composer	snipe/snipe-it	v2.1.0
composer	snipe/snipe-it	v2.1.1
composer	snipe/snipe-it	v2.1.2
composer	snipe/snipe-it	v3.0-alpha2
composer	snipe/snipe-it	v3.0-alpha
composer	snipe/snipe-it	v3.0-beta.1
composer	snipe/snipe-it	v3.0-beta.2
composer	snipe/snipe-it	v3.0-beta.3
composer	snipe/snipe-it	v3.0.0-beta
composer	snipe/snipe-it	v3.0
composer	snipe/snipe-it	v3.1.0

Find vulnerabilities. Fix fast with AI.

CVE-2025-65622

CVE-2025-65622