Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.
Affected versions can have malicious JavaScript code injected into the user's browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before being displayed in various front-end views.
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in inventree.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in inventree.
Datasets exported to file (e.g. CSV / XLS) are not sufficiently sanitized to neutralize potential formula injection.