groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-28 22:09:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
4271 commits 19 branches 72 tags 109 MiB
Commit graph

3 commits

Author SHA1 Message Date
Jan Böhmer
490086d531 Use the same translation for the panel with enabled search options, like in the checkbox options in navbar 2024-10-16 23:59:23 +02:00
Sascha Lenk
dc906bfb0f
vulnerability XSS fix 
The "trans with" command is not automatically escaping the string, so this is a XSS (Cross-Site Scripting) vulnerability.
Tested string: https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E

QUALYS Enterprise WAS Scan Report classifies this as level 5 security risk
 2023-02-25 22:42:03 +01:00
Jan Böhmer
9097220026 Renamed parts/ templates folder to recommended snake_case style 2023-02-04 23:05:39 +01:00
Renamed from templates/Parts/lists/search_list.html.twig (Browse further)