SnipCommand 0.1.0 - Persistent Cross-Site Scripting | Advisories

Advisories

SnipCommand 0.1.0 - Persistent Cross-Site Scripting

severity: medium
date: January 16, 2026
Affecting: SnipCommand 0.1.0
CVE: CVE-2021-47841
CWE: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS: 5.1
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
References: ExploitDB-49829
SnipCommand GitHub Repository
Proof of Concept Video
Credit: TaurusOmar
Description: SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.