PT-2022-21787 · Inventree · Inventree

Published: 2022-09-29 · Updated: 2022-09-30 · CVE-2022-3355

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Inventree versions prior to 0.8.3

Description: A stored Cross-site Scripting (XSS) vulnerability in the GitHub repository inventree/inventree. Because SVG files can be uploaded, an attacker can store a file containing a malicious script, which executes in the browser of any user who accesses the uploaded file.

Recommendations: For versions prior to 0.8.3, update to version 0.8.3 or later, which contains a patch for this issue. As a temporary workaround, consider restricting the upload of SVG files until the update can be applied.
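The following is an added example illustrating the temporary workaround above (refusing SVG uploads); it is not InvenTree project code, and the function names `looks_like_svg` and `validate_upload` are assumptions. It checks the declared extension and also sniffs the content, since a renamed file or a permissive MIME check would otherwise let an SVG through.

```python
# Added example (not InvenTree project code): a server-side upload gate that
# implements the advisory's workaround of rejecting SVG uploads outright.
# Extension checks alone are weak, so the content is parsed as XML and the
# root element inspected, catching SVGs uploaded under another extension.
import os
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
BLOCKED_EXTENSIONS = {".svg", ".svgz"}


def looks_like_svg(data: bytes) -> bool:
    """Return True if the bytes parse as XML whose root element is <svg>."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        # Binary images (PNG, JPEG, ...) and empty input are not well-formed XML.
        return False
    # The root tag is "{namespace}svg" when namespaced, or a bare "svg" otherwise.
    return root.tag in (f"{{{SVG_NS}}}svg", "svg")


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Rejects SVG by extension or by content."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return False, "SVG uploads are disabled"
    if looks_like_svg(data):
        return False, "file content is SVG despite its extension"
    return True, "ok"


if __name__ == "__main__":
    # Constructed samples: a harmless SVG renamed to .png, and a PNG header.
    svg = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="1"/></svg>'
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    print(validate_upload("logo.png", svg))  # rejected: content is SVG
    print(validate_upload("logo.svg", b""))  # rejected: extension is blocked
    print(validate_upload("logo.png", png))  # accepted
```

Compressed SVG (.svgz) is only caught by the extension check here, so a deployment that wants content sniffing for it would need to decompress before parsing.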


Tags: XSS

Related Identifiers: CVE-2022-3355, GHSA-62G7-FPV9-V95F

Affected Products: Inventree