inventree 0.6.1 vulnerabilities

Known vulnerabilities in the inventree package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to Cross-site Scripting (XSS) as data fields retrieved from the database are not properly sanitized before displaying in various front-end views. How to fix Cross-site Scripting (XSS)? Upgrade `inventree` to version 0.7.2 or higher.	[,0.7.2)
M Cross-site Scripting (XSS) inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that by default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the users browser. Note: This malicious data must be first uploaded to the database by an authorized user, so the risk here is limited to trusted users. How to fix Cross-site Scripting (XSS)? Upgrade `inventree` to version 0.8.0 or higher.	[,0.8.0)
M Cross-site Scripting (XSS) inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, allowing authenticated users to exploit this vulnerability via multiple front-end views. How to fix Cross-site Scripting (XSS)? Upgrade `inventree` to version 0.7.2 or higher.	[,0.7.2)
M Cross-site Scripting (XSS) inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to allowing unrestricted upload of files as attachments to various database fields. How to fix Cross-site Scripting (XSS)? Upgrade `inventree` to version 0.7.2 or higher.	[,0.7.2)
M Cross-site Scripting (XSS) inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, which allows an attacker to upload malicious SVG files. How to fix Cross-site Scripting (XSS)? Upgrade `inventree` to version 0.8.3 or higher.	[,0.8.3)
H CSV Injection inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to CSV Injection due to an improper neutralization of formula elements of `CSV` files. How to fix CSV Injection? Upgrade `inventree` to version 0.7.2 or higher.	[,0.7.2)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) as data fields retrieved from the database are not properly sanitized before displaying in various front-end views.

How to fix Cross-site Scripting (XSS)?

Upgrade inventree to version 0.7.2 or higher.

[,0.7.2)

Cross-site Scripting (XSS)

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that by default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the users browser.

Note: This malicious data must be first uploaded to the database by an authorized user, so the risk here is limited to trusted users.

How to fix Cross-site Scripting (XSS)?

Upgrade inventree to version 0.8.0 or higher.

[,0.8.0)

Cross-site Scripting (XSS)

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, allowing authenticated users to exploit this vulnerability via multiple front-end views.

How to fix Cross-site Scripting (XSS)?

Upgrade inventree to version 0.7.2 or higher.

[,0.7.2)

Cross-site Scripting (XSS)

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to allowing unrestricted upload of files as attachments to various database fields.

How to fix Cross-site Scripting (XSS)?

Upgrade inventree to version 0.7.2 or higher.

[,0.7.2)

Cross-site Scripting (XSS)

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, which allows an attacker to upload malicious SVG files.

How to fix Cross-site Scripting (XSS)?

Upgrade inventree to version 0.8.3 or higher.

[,0.8.3)

CSV Injection

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to CSV Injection due to an improper neutralization of formula elements of CSV files.

How to fix CSV Injection?

Upgrade inventree to version 0.7.2 or higher.

[,0.7.2)

inventree@0.6.1 vulnerabilities

Python interface for InvenTree inventory management system

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?