PartKeepr icon indicating copy to clipboard operation
PartKeepr copied to clipboard

Published 20 hours ago verified publisher icon partkeepr

Cross-Site Scripting (XSS) in "/api/part_categories"

Open tuando243 opened this issue 2 years ago • 0 comments

Bug description

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.

Steps to reproduce

  1. Login as admin.
  2. Click on 'Add Category'.
  3. Insert XSS payload (<img src=1 onerror=alert('xss')>) in the "Name" field and click on Save.

1

2

3

tuando243 avatar May 12 '22 08:05 tuando243