41 matches found
CVE-2021-39390
CVE-2021-39390 describes a Stored XSS in PartKeepr 1.4.0. The vulnerability arises in the edit module where multiple API endpoints accept a name parameter without proper sanitization/validation, allowing injection of JavaScript that can be executed in the client browser. Affected software: PartKe...
CVE-2021-39390
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter...
PartKeepr 跨站脚本漏洞
PartKeepr is an inventory management software. Designed primarily for electronic components, PartKeepr version 1.4.0 suffers from a cross-site scripting vulnerability that stems from a lack of name parameters in multiple api ports of the edit module to filter user-supplied data and output data...
PartKeepr Information Disclosure Vulnerability
PartKeepr is an inventory management software designed primarily for electronic components. a security vulnerability exists in PartKeepr, which stems from the use of a file:// URL that allows attachments to be loaded when creating parts, which can be exploited by an authenticated attacker to read...
PartKeepr server-side request forgery vulnerability
PartKeepr is an inventory management software designed primarily for electronic components.PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...
CVE-2022-22702
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...
CVE-2022-22701
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...
CVE-2022-22702
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...
CVE-2022-22701
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...
Design/Logic Flaw
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...
Code injection
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...
PartKeepr 信息泄露漏洞
PartKeepr is an inventory management software designed primarily for electronic components. a security vulnerability exists in PartKeepr, which stems from the use of a file:// URL that allows attachments to be loaded when creating parts, which can be exploited by an authenticated attacker to read...
PartKeepr 代码问题漏洞
PartKeepr is an inventory management software designed primarily for electronic components.PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...
CVE-2022-22702
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...
CVE-2022-22702
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...
CVE-2022-22702
CVE-2022-22702 concerns PartKeepr up to version 1.4.0, where uploading attachments via a URL does not validate requests to local ports, enabling an authenticated user to perform SSRF and port enumeration. The root cause is the lack of validation in the URL-based attachment upload flow, exposing t...
CVE-2022-22701
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...
CVE-2022-22701
PartKeepr vulnerability (CVE-2022-22701) affects PartKeepr up to v1.4.0 and is triggered when loading attachments by URL, enabling the use of the file:// URI scheme. An authenticated user can read local files due to how attachments are loaded during part creation. Impact is read access to local f...
CVE-2022-22701
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...
PT-2022-15642 · Partkeepr · Partkeepr
Name of the Vulnerable Software and Affected Versions: PartKeepr versions up to v1.4.0 Description: The issue allows an authenticated user to read local files by utilizing the 'file://' URI scheme when loading attachments using a URL while creating a part. Recommendations: For versions up to...