3 matches found
CVE-2024-47610
The CVE-2024-47610 issue affects InvenTree before 0.16.5, where a registered user can store JavaScript in Markdown notes fields that are rendered for other logged-in users, enabling stored cross-site scripting (XSS). Root cause: lack of input sanitization in the Markdown rendering path and storag...
CVE-2024-47610 Stored Cross-site Scripting Vulnerability in Markdown Editor
InvenTree is an Open Source Inventory Management System. In affected versions of InvenTree it is possible for a registered user to store javascript in markdown notes fields, which are then displayed to other logged in users who visit the same page and executed. The vulnerability has been addresse...
PT-2022-27691 · Unknown · Opendaylight
Name of the Vulnerable Software and Affected Versions: OpenDaylight versions prior to 0.16.5 Description: A SQL injection issue was discovered in the AAA component of OpenDaylight. The deleteRole function in RoleStore.java is affected when using the API interface /auth/v1/roles/. Recommendations:...