Описание
Inventree vulnerable to Stored Cross-site Scripting
Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue.
Пакеты
Наименование
inventree
pip
Затронутые версииВерсия исправления
< 0.8.3
0.8.3
Связанные уязвимости
CVSS3: 5.4
nvd
больше 3 лет назад
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.