partkeepr/PartKeepr

partkeepr/PartKeepr

www.partkeepr.org

Releases32

Frequency2 months 1 week

Last Release about 8 years ago

Stars1.53K

Open Source Inventory Management

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-30899 ↗	Jun 8, 2022Wednesday, 8 June 2022, 16:15	4.8 MEDIUM	3.5 LOW
A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.
CVE-2021-39390 ↗	May 3, 2022Tuesday, 3 May 2022, 13:15	5.4 MEDIUM	3.5 LOW
Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter.
CVE-2022-22701 ↗	Jan 10, 2022Monday, 10 January 2022, 14:12	6.5 MEDIUM	4 MEDIUM
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.
CVE-2022-22702 ↗	Jan 10, 2022Monday, 10 January 2022, 14:12	4.3 MEDIUM	4 MEDIUM
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.