Partkeepr Security Vulnerabilities and Issues — Partkeepr CVE List

Lucene search

PartkeeprPartkeepr

4 matches found

CVE•added 2022/05/03 1:15 p.m.•1957 views

CVE-2021-39390

Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.

5.4CVSS5.2AI score0.00228EPSS

CVE•added 2022/06/08 4:15 p.m.•489 views

CVE-2022-30899

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.

4.8CVSS5AI score0.00207EPSS

Web

CVE•added 2022/01/10 2:12 p.m.•109 views

CVE-2022-22701

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.

6.5CVSS6.1AI score0.00211EPSS

CVE•added 2022/01/10 2:12 p.m.•70 views

CVE-2022-22702

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.

4.3CVSS4.5AI score0.00121EPSS