
Cross-Site Scripting (XSS) in "/api/part_categories" #1240

Open
tuando243 opened this issue May 12, 2022 · 0 comments
Labels
Bug needs-triage incoming, please sort

Comments

@tuando243

Bug description

A Cross-Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.

Steps to reproduce

  1. Login as admin.
  2. Click on 'Add Category'.
  3. Insert XSS payload (<img src=1 onerror=alert('xss')>) in the "Name" field and click on Save.


@tuando243 tuando243 added Bug needs-triage incoming, please sort labels May 12, 2022