Vulnerability Information
Vulnerability Title
HTML/XSS injection possibilities in Part-DB
Vulnerability Description
Part-DB is an open source inventory management system for your electronic components. User input was not properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts, so it is not possible to execute JavaScript code unless the issue is combined with other vulnerabilities. There are no workarounds; please upgrade to Part-DB 1.0.2 or later.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
Improper escaping of input during web page generation (cross-site scripting)
Vulnerability Title
part-db cross-site scripting vulnerability
Vulnerability Description
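part-db is a web-based database for managing electronic components. Versions of part-db before 1.0.2 contain a security vulnerability caused by user input not being properly escaped; an attacker can exploit it to inject arbitrary HTML into pages.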
CVSS Information
N/A
Vulnerability Type
N/A