Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that by default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the users browser. Note: This malicious data must be first uploaded to the database by an authorized user, so the risk here is limited to trusted users. How to fix Cross-site Scripting (XSS)? Upgrade `inventree` to version 0.8.0 or higher.	[,0.8.0)
M Cross-site Scripting (XSS) inventree is a Python interface for InvenTree inventory management system Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, which allows an attacker to upload malicious SVG files. How to fix Cross-site Scripting (XSS)? Upgrade `inventree` to version 0.8.3 or higher.	[,0.8.3)

Cross-site Scripting (XSS)

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) such that by default, EasyMDE does not sanitize input data, and it is possible for malicious code to be injected into the markdown editor, and executed in the users browser.

Note: This malicious data must be first uploaded to the database by an authorized user, so the risk here is limited to trusted users.

How to fix Cross-site Scripting (XSS)?

Upgrade inventree to version 0.8.0 or higher.

[,0.8.0)

Cross-site Scripting (XSS)

inventree is a Python interface for InvenTree inventory management system

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, which allows an attacker to upload malicious SVG files.

How to fix Cross-site Scripting (XSS)?

Upgrade inventree to version 0.8.3 or higher.

[,0.8.3)

Go back to all versions of this package