Lucene search
K

41 matches found

CVE
CVE
added 2022/05/03 12:5 p.m.1969 views

CVE-2021-39390

CVE-2021-39390 describes a Stored XSS in PartKeepr 1.4.0. The vulnerability arises in the edit module where multiple API endpoints accept a name parameter without proper sanitization/validation, allowing injection of JavaScript that can be executed in the client browser. Affected software: PartKe...

5.4CVSS5.2AI score0.0064EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/05/03 12:5 p.m.26 views

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter...

5.4AI score0.0064EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/03 12:0 a.m.3 views

PartKeepr 跨站脚本漏洞

PartKeepr is an inventory management software. Designed primarily for electronic components, PartKeepr version 1.4.0 suffers from a cross-site scripting vulnerability that stems from a lack of name parameters in multiple api ports of the edit module to filter user-supplied data and output data...

5.4CVSS5.8AI score0.0064EPSS
Exploits1References4
CNVD
CNVD
added 2022/01/14 12:0 a.m.17 views

PartKeepr Information Disclosure Vulnerability

PartKeepr is an inventory management software designed primarily for electronic components. a security vulnerability exists in PartKeepr, which stems from the use of a file:// URL that allows attachments to be loaded when creating parts, which can be exploited by an authenticated attacker to read...

6.5CVSS2.7AI score0.01017EPSS
Exploits1References1
CNVD
CNVD
added 2022/01/14 12:0 a.m.15 views

PartKeepr server-side request forgery vulnerability

PartKeepr is an inventory management software designed primarily for electronic components.PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...

4.3CVSS2.9AI score0.00713EPSS
Exploits1References1
OSV
OSV
added 2022/01/10 2:12 p.m.18 views

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...

4.3CVSS6.6AI score
Exploits0References2
NVD
NVD
added 2022/01/10 2:12 p.m.12 views

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

6.5CVSS0.01017EPSS
Exploits1References2
NVD
NVD
added 2022/01/10 2:12 p.m.14 views

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...

4.3CVSS0.00713EPSS
Exploits1References2
OSV
OSV
added 2022/01/10 2:12 p.m.20 views

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

6.5CVSS6.4AI score
Exploits0References2
Prion
Prion
added 2022/01/10 2:12 p.m.15 views

Design/Logic Flaw

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...

4CVSS4.5AI score0.00713EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/01/10 2:12 p.m.14 views

Code injection

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

4CVSS6.2AI score0.01017EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.3 views

PartKeepr 信息泄露漏洞

PartKeepr is an inventory management software designed primarily for electronic components. a security vulnerability exists in PartKeepr, which stems from the use of a file:// URL that allows attachments to be loaded when creating parts, which can be exploited by an authenticated attacker to read...

6.5CVSS5.5AI score0.01017EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.5 views

PartKeepr 代码问题漏洞

PartKeepr is an inventory management software designed primarily for electronic components.PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...

4.3CVSS5.6AI score0.00713EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/01/07 10:0 p.m.21 views

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...

4.8AI score0.00713EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/01/07 10:0 p.m.6 views

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration...

4.3CVSS5.7AI score0.00713EPSS
Exploits1References3
CVE
CVE
added 2022/01/07 10:0 p.m.85 views

CVE-2022-22702

CVE-2022-22702 concerns PartKeepr up to version 1.4.0, where uploading attachments via a URL does not validate requests to local ports, enabling an authenticated user to perform SSRF and port enumeration. The root cause is the lack of validation in the URL-based attachment upload flow, exposing t...

4.3CVSS4.5AI score0.00713EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/01/07 9:59 p.m.18 views

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

6.4AI score0.01017EPSS
Exploits1References2
CVE
CVE
added 2022/01/07 9:59 p.m.120 views

CVE-2022-22701

PartKeepr vulnerability (CVE-2022-22701) affects PartKeepr up to v1.4.0 and is triggered when loading attachments by URL, enabling the use of the file:// URI scheme. An authenticated user can read local files due to how attachments are loaded during part creation. Impact is read access to local f...

6.5CVSS6.1AI score0.01017EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/01/07 9:59 p.m.7 views

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files...

6.5CVSS6.5AI score0.01017EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/01/07 12:0 a.m.3 views

PT-2022-15642 · Partkeepr · Partkeepr

Name of the Vulnerable Software and Affected Versions: PartKeepr versions up to v1.4.0 Description: The issue allows an authenticated user to read local files by utilizing the 'file://' URI scheme when loading attachments using a URL while creating a part. Recommendations: For versions up to...

6.5CVSS6.8AI score0.01017EPSS
Exploits1References6
Rows per page
Query Builder