Part-DB · CVE-2025-5007
**Name of the Vulnerable Software and Affected Versions**
Part-DB, all versions up to and including 1.17.0 (fixed in 1.17.1)
**Description**
A cross-site scripting vulnerability was found in the profile picture feature of Part-DB, in the `handleUpload` function of `AttachmentSubmitHandler.php`. The `attachment` argument (the uploaded file) is not sufficiently validated, so a crafted upload can be stored as a profile picture and later cause script to execute in the browser of a user who views it. The attack can be launched remotely by any user able to upload a profile picture, with no local access required.
**Recommendations**
For Part-DB versions up to 1.17.0, upgrade to version 1.17.1, which addresses this issue. If the upgrade cannot be applied immediately, restrict the profile picture upload path handled by `handleUpload` in `AttachmentSubmitHandler.php` as a temporary workaround: limit who may upload profile pictures (or disable the feature), review existing profile pictures uploaded by untrusted users, and serve attachments with `X-Content-Type-Options: nosniff` so that browsers do not render uploaded files as HTML. These mitigations reduce exposure but do not replace the upgrade.
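The following is an added, illustrative example of how an upload handler can reject attachments that a browser could interpret as markup; it is not Part-DB's code and does not reproduce the actual fix in 1.17.1. The class name `ProfilePictureValidator`, the helper `attachmentHeaders`, the allowed-type list, the size limit and the `$_FILES['attachment']` shape are all assumptions made for this example. The pattern it shows is the one that closes this class of bug: decide the file type from the bytes (never from the client-supplied name or MIME type), accept only raster formats that an image decoder can actually parse, and serve stored attachments with headers that forbid content sniffing and inline rendering.

```php
<?php
// Added example (not Part-DB code): hardening a profile-picture upload check.
// Assumed input: one entry of PHP's $_FILES array, e.g. $_FILES['attachment'].
declare(strict_types=1);

final class ProfilePictureValidator
{
    /** Raster formats only. SVG, HTML and XML can carry <script> and are deliberately absent. */
    private const ALLOWED_MIME = [
        'image/png'  => ['png'],
        'image/jpeg' => ['jpg', 'jpeg'],
        'image/gif'  => ['gif'],
        'image/webp' => ['webp'],
    ];

    /** Assumed limit for this example. */
    private const MAX_BYTES = 2 * 1024 * 1024;

    /**
     * @param string $tmpPath    path of the uploaded temporary file ($_FILES[...]['tmp_name'])
     * @param string $clientName file name supplied by the client; used only for a consistency check
     * @return string            the extension the file must be stored under (derived from content)
     * @throws InvalidArgumentException if the upload is not an acceptable raster image
     */
    public static function validate(string $tmpPath, string $clientName): string
    {
        if (!is_uploaded_file($tmpPath)) {
            throw new InvalidArgumentException('Not an uploaded file');
        }
        $size = filesize($tmpPath);
        if ($size === false || $size === 0 || $size > self::MAX_BYTES) {
            throw new InvalidArgumentException('Invalid upload size');
        }

        // 1. Sniff the content type from the bytes; $_FILES[...]['type'] is attacker-controlled and ignored.
        $finfo = new finfo(FILEINFO_MIME_TYPE);
        $mime  = $finfo->file($tmpPath);
        if ($mime === false || !isset(self::ALLOWED_MIME[$mime])) {
            throw new InvalidArgumentException('Disallowed content type: ' . var_export($mime, true));
        }

        // 2. Require the image decoder to agree. getimagesize() fails on SVG/HTML, so a markup file
        //    carrying a forged image signature or a renamed extension is rejected here.
        $info = @getimagesize($tmpPath);
        if ($info === false || ($info['mime'] ?? null) !== $mime) {
            throw new InvalidArgumentException('Not a decodable raster image');
        }

        // 3. The stored extension comes from the verified type, never from the client name.
        //    The client extension is only checked for consistency, so "avatar.svg" is refused outright.
        $clientExt = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
        if (!in_array($clientExt, self::ALLOWED_MIME[$mime], true)) {
            throw new InvalidArgumentException('File extension does not match content');
        }

        return self::ALLOWED_MIME[$mime][0];
    }
}

/**
 * Headers to send with any stored attachment, even after validation: the browser must not sniff
 * the body into HTML, must not render it as a top-level document, and must not run script from it.
 */
function attachmentHeaders(string $mime, string $storedName): array
{
    return [
        'Content-Type'            => $mime,
        'X-Content-Type-Options'  => 'nosniff',
        'Content-Disposition'     => 'attachment; filename="' . rawurlencode($storedName) . '"',
        'Content-Security-Policy' => "default-src 'none'; sandbox",
    ];
}

// Usage in a hypothetical handler (assumed variable names):
// $file = $_FILES['attachment'];
// $ext  = ProfilePictureValidator::validate($file['tmp_name'], $file['name']);
// move_uploaded_file($file['tmp_name'], "/var/www/uploads/profile_{$userId}.{$ext}");
```

`Content-Disposition: attachment` does not break `<img src="...">` embedding, because browsers ignore that header for subresource loads; it only stops the file from being rendered when a victim navigates to its URL directly, which is exactly the path a stored XSS payload in an uploaded file needs. The `sandbox` directive in the Content-Security-Policy is a second, independent barrier for the same case.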