3 matches found
CVE-2022-30899
A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...
CVE-2022-30899
A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/partcategories...
CVE-2022-30899
CVE-2022-30899 describes a Cross Site Scripting vulnerability in PartKeepr 1.4.0, exploitable via the name field in /api/part_categories. The issue stems from improper input handling that allows injected JavaScript when rendering the name, enabling potential code execution in a user’s browser. Af...