Lucene search

Partkeepr Security Vulnerabilities

cve

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.

5.4CVSS

5.2AI Score

0.001EPSS

2022-05-03 01:15 PM

1949

cve

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.

6.5CVSS

6.1AI Score

0.001EPSS

2022-01-10 02:12 PM

100

cve

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.

4.3CVSS

4.5AI Score

0.001EPSS

2022-01-10 02:12 PM

cve

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.

4.8CVSS

5AI Score

0.001EPSS

2022-06-08 04:15 PM

481