4 matches found
CVE-2022-3355 Cross-site Scripting (XSS) - Stored in inventree/inventree
Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.8.3...
CVE-2022-3355 Cross-site Scripting (XSS) - Stored in inventree/inventree
Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.8.3...
CVE-2022-3355 Cross-site Scripting (XSS) - Stored in inventree/inventree
Cross-site Scripting XSS - Stored in GitHub repository inventree/inventree prior to 0.8.3...
CVE-2022-3355
CVE-2022-3355 is a stored XSS vulnerability in Inventree (inventree/inventree) prior to version 0.8.3. The issue arises from uploading SVG files, allowing a attacker to inject scripts that are stored and executed when the uploaded file is accessed. A patch exists in version 0.8.3 and later; a tem...