groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-27 05:19:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
2222 commits 19 branches 72 tags 109 MiB
Commit graph

3 commits

Author SHA1 Message Date
Sascha Lenk
dc906bfb0f
vulnerability XSS fix 
The "trans with" command is not automatically escaping the string, so this is a XSS (Cross-Site Scripting) vulnerability.
Tested string: https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E

QUALYS Enterprise WAS Scan Report classifies this as level 5 security risk
 2023-02-25 22:42:03 +01:00
Jan Böhmer
12d4c2f4d9 Renamed label_system templates folder to recommended snake_style style 2023-02-04 23:15:11 +01:00
Jan Böhmer
9097220026 Renamed parts/ templates folder to recommended snake_case style 2023-02-04 23:05:39 +01:00