Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting
Vulnerability Description
A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Part-DB 代码注入漏洞
Vulnerability Description
Part-DB是Part-DB开源的一个基于 Web 的数据库,用于管理电子元件。 Part-DB 1.17.0及之前版本存在代码注入漏洞,该漏洞源于文件src/Services/Attachments/AttachmentSubmitHandler.php对参数attachment处理不当,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A