138 matches found
CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store JavaScript in markdown notes fields, which are then displayed to other logged-in users who visit the same page and executed. The vulnerability has been addresse...
CVE-2024-47610
The CVE-2024-47610 issue affects InvenTree before 0.16.5, where a registered user can store JavaScript in Markdown notes fields that are rendered for other logged-in users, enabling stored cross-site scripting (XSS). Root cause: lack of input sanitization in the Markdown rendering path and storag...
PT-2024-32671
Name of the Vulnerable Software and Affected Versions: InvenTree versions prior to 0.16.5 Description: The issue allows a registered user to store JavaScript in markdown notes fields, which are then displayed to other logged-in users who visit the same page and executed. The estimated number of...
InvenTree Cross-Site Scripting Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.16.5, which originated by allowing a registered user to store JavaScri...
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Impact The "download image from remote URL" feature can be abused by a malicious actor to potentially extract information about server side resources. Submitting a crafted URL in place of a valid image can raise a server side error, which is reported back to the user. This error message may conta...
inventree-digikey-integration (>=0.1.1 <=1.0.0), kintree (>=1.1.0 <=1.1.3) potentially affected by unknown CVE via inventree (>=0.13.5 <=0.14.0)
inventree PYPI version =0.13.5, =0.1.1, =1.1.0, =1.1.3 Source cves: unknown CVE Source advisory: OSV:GHSA-VX3H-QWQW-R2WQ...
Inventree vulnerable to Stored Cross-site Scripting
Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue...
GHSA-62G7-FPV9-V95F Inventree vulnerable to Stored Cross-site Scripting
Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue...
CVE-2022-3355
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3...
Cross site scripting
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3...
CVE-2022-3355
CVE-2022-3355 is a stored XSS vulnerability in Inventree (inventree/inventree) prior to version 0.8.3. The issue arises from uploading SVG files, allowing an attacker to inject scripts that are stored and executed when the uploaded file is accessed. A patch exists in version 0.8.3 and later; a tem...
CVE-2022-3355 Cross-site Scripting (XSS) - Stored in inventree/inventree
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3...
PT-2022-21787 · Inventree · Inventree
Name of the Vulnerable Software and Affected Versions: Inventree versions prior to 0.8.3 Description: The issue is related to stored Cross-site Scripting (XSS) in the GitHub repository inventree/inventree. This occurs by uploading SVG files, allowing for the storage of malicious scripts that can be...
InvenTree Cross-Site Scripting Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.8.3 that stems from the presence of cross-site scripting attacks XSS...
InvenTree Denial of Service Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A denial of service vulnerability exists in InvenTree versions prior to 0.8.0 that stems from the annotations feature not including a character...
InvenTree CSV Injection Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A CSV injection vulnerability exists in InvenTree versions prior to 0.7.2, which stems from an application that does not filter the escaping of...
InvenTree File Upload Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A file upload vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of effective validation of upload...
InvenTree Cross-Site Scripting Vulnerability
InvenTree is an open source inventory management system from InvenTree Open Source. Provides powerful low-level inventory control and parts tracking. A cross-site scripting vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application's lack of filtering and escapin...