Lucene search

Partkeepr Security Vulnerabilities

cve

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in...

4.8CVSS

5AI Score

0.001EPSS

2022-06-08 04:15 PM

473

cve

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name...

5.4CVSS

5.2AI Score

0.001EPSS

2022-05-03 01:15 PM

1946

cve

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local...

6.5CVSS

6.1AI Score

0.001EPSS

2022-01-10 02:12 PM

cve

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port...

4.3CVSS

4.4AI Score

0.001EPSS

2022-01-10 02:12 PM