CVE-2023-26042

Name of the Vulnerable Software and Affected Versions Part-DB versions prior to 1.0.2

Description Part-DB is an open source inventory management system for electronic components. A issue was found where user input was not properly escaped, allowing malicious users to inject arbitrary HTML into pages. The Content-Security-Policy prevents inline and external scripts, so JavaScript code cannot be executed unless combined with other issues.

Recommendations For versions prior to 1.0.2, upgrade to Part-DB 1.0.2 or later.