Easymde · Easymde · CVE-2024-47610
**Name of the Vulnerable Software and Affected Versions**
InvenTree versions prior to 0.16.5
**Description**
The issue allows a registered user to store JavaScript in markdown notes fields; the stored script is then displayed to, and executed in the browsers of, other logged-in users who visit the same page (a stored cross-site scripting flaw). The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.
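The underlying defect is that HTML produced from user-supplied markdown reaches other users' browsers without being sanitized. The block below is an added illustration of the standard mitigation, not InvenTree's or easymde's own code: it rebuilds rendered HTML against an allowlist using only the Python standard library, and the chosen tag and attribute allowlist is an assumption suited to plain notes content.

```python
from html.parser import HTMLParser
from html import escape

# Allowlist for HTML rendered from notes (assumed set): tags, and the attributes each may carry.
ALLOWED_TAGS = {"p", "br", "em", "strong", "code", "pre", "ul", "ol", "li",
                "h1", "h2", "h3", "blockquote", "a", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = ("http:", "https:", "mailto:")
VOID_TAGS = {"br", "img"}

def _safe_url(value):
    v = value.strip().lower()
    # Relative URLs pass; an absolute URL must use an allowed scheme (rejects javascript:/data:).
    return ":" not in v.split("/", 1)[0] or v.startswith(SAFE_SCHEMES)

class MarkdownHTMLSanitizer(HTMLParser):
    """Re-emits only allowlisted tags/attributes; script/style bodies and comments are dropped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities are decoded, so &colon; tricks are seen
        self.out, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1          # suppress the element and everything inside it
            return
        if self._skip or tag not in ALLOWED_TAGS:
            return                   # unknown element dropped; its text content is still kept
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()) or value is None:
                continue             # removes every on* event handler and unlisted attribute
            if name in URL_ATTRS and not _safe_url(value):
                continue             # removes links/images with a disallowed URL scheme
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(0, self._skip - 1)
        elif not self._skip and tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(escape(data, quote=False))  # text is always re-escaped

def sanitize_rendered_markdown(html):
    """Return a sanitized copy of HTML produced by a markdown renderer."""
    p = MarkdownHTMLSanitizer()
    p.feed(html)
    p.close()
    return "".join(p.out)
```

A production deployment should rely on a maintained sanitizer such as bleach or DOMPurify rather than hand-written code; the example shows the allowlist decisions those libraries make.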
**Recommendations**
For versions prior to 0.16.5, update to release version 0.16.5 or later to address the issue. As a temporary workaround, consider disabling the markdown notes fields until the update is applied. Restrict access to the markdown rendering library (`easymde`) to minimize the risk of exploitation. Avoid using the markdown notes fields on the affected pages until the issue is resolved.