groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-25 04:19:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Part-DB-server/templates/parts
History
Sascha Lenk dc906bfb0f
vulnerability XSS fix 
The "trans with" command is not automatically escaping the string, so this is a XSS (Cross-Site Scripting) vulnerability.
Tested string: https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E

QUALYS Enterprise WAS Scan Report classifies this as level 5 security risk
2023-02-25 22:42:03 +01:00
..
edit Added possibility to save parts and create an empty one 2023-02-05 21:00:26 +01:00
info Fixed image display style for odd shaped (very small) images. 2023-02-20 00:24:12 +01:00
lists vulnerability XSS fix 2023-02-25 22:42:03 +01:00