mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-12-24 11:59:31 +00:00
The "trans with" command is not automatically escaping the string, so this is an XSS (Cross-Site Scripting) vulnerability. Tested string: https://URL-TO-PART-DB-SERVER/de/parts/search?keyword=%22'%3E%3Cqss%20a%3D X147208852Y1_1Z%3E The QUALYS Enterprise WAS Scan Report classifies this as a level 5 security risk.