14 matches found
InvenTree security vulnerability
InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and parts tracking capabilities. Versions of InvenTree prior to 1.2.3 contained security vulnerabilities, which were caused by insecure server-side templates. These...
EUVD-2024-42543
Malicious code in bioql PyPI...
EUVD-2023-29928
Malicious code in bioql PyPI...
CVE-2023-39707
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section...
CVE-2023-39709
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section...
CVE-2023-51813
CVE-2023-51813 describes a CSRF vulnerability in the Free Open-Source Inventory Management System v1.0. The issue arises via the staff_list parameter in the index.php component, allowing a remote attacker to execute arbitrary code. The available documents do not specify affected build details bey...
CVE-2023-7155
A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/editproduct.php. The manipulation of the argument id leads to sql injection. It is possible to initiate t...
CVE-2023-39711
Technical details about CVE-2023-39711 are not publicly available in the provided connected documents. Monitor for updates from sources in this dataset for affected products, impact, and fixes.
PT-2023-27082 · Unknown · Free/Open Source Inventory Management System
Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0 Description: The issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Name, Address, and Company parameters under the "Add Custome...
CVE-2023-39709
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section...
CVE-2023-39708
CVE-2023-39708 corresponds to a stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0. The issue arises from injecting arbitrary web scripts/HTML via the Add New parameter under the New Buy section. Affected component is the web application; the ...
CVE-2023-39709
CVE-2023-39709 affects Free and Open Source Inventory Management System v1.0. The issue is multiple cross-site scripting (XSS) vulnerabilities that allow attackers to inject arbitrary web scripts via the Name, Address, and Company fields in the Add Member section. The CVSS v3.1 base score is 6.1 ...
CVE-2023-39707
CVE-2023-39707 concerns a stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0, allowing an attacker to inject arbitrary web scripts via the Add Expense field under Expense. The issue is tied to how input is handled in that parameter, enabling s...
PT-2023-27078 · Unknown · Free/Open Source Inventory Management System
Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0 Description: A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter...