We found results for “”
WS-2022-0157
Good to know:
Date: June 17, 2022
inventree up to 0.7.2 is vulnerable to Cross-Site Scripting (XSS) in Markdown Editor. By default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the users browser.
Language: Python
Severity Score
Severity Score
Weakness Type (CWE)
Cross-Site Scripting (XSS)
CWE-79Top Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |