[snipe/snipe-it] Stored cross-site scripting in Snipe-IT

Snipe-IT prior to version 5.4.3 is vulnerable to stored cross-site scripting because the input to the checked_out_to parameter is not escaped. The vulnerability is capable of stealing a user’s cookie.

References

• https://nvd.nist.gov/vuln/detail/CVE-2022-1445
• https://github.com/snipe/snipe-it/commit/f623d05d0c3487ae24c4f13907e4709484e5bf41
• https://huntr.dev/bounties/f4420149-5236-4051-a458-5d4f1d5b7abd
• https://github.com/advisories/GHSA-hpx4-xjp7-m4vr