Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.
Advisories for Pypi/Inventree package
2022
Improper Neutralization of Formula Elements in a CSV File
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
Insufficient HTML Sanitization
Affected versions can have malicious javascript code injected into the users browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before displaying in various front-end views.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in inventree.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in inventree.
Formula Injection in Exported Data
Datasets exported to file (e.g. CSV / XLS) are not sufficiently sanitized, to neutralize potential formula injection.