CVE-2025-5007

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-5007

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-5007.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-5007

Published

2025-05-20T23:15:19Z

Modified

2025-05-28T10:04:39.560942Z

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of the component Profile Picture Feature. The manipulation of the argument attachment leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.17.1 is able to address this issue. The identifier of the patch is 2c4f44e808500db19c391159b30cb6142896d415. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/part-db/part-db-server

Affected ranges

Type: GIT
Repo: https://github.com/part-db/part-db-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2c4f44e808500db19c391159b30cb6142896d415

Fixed

b8d5b83eeea22f50f9f0deadfe0dc08982a4b137

Affected versions

v1.*

v1.0.0

v1.0.0-beta.1

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.10.0

v1.10.1

v1.10.2

v1.10.3

v1.10.4

v1.10.5

v1.10.6

v1.10.7

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.12.0

v1.12.1

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.14.0

v1.14.1

v1.14.2

v1.14.3

v1.14.4

v1.14.5

v1.15.0

v1.15.1

v1.15.2

v1.16.0

v1.16.1

v1.17.0

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.3.3

v1.4.0

v1.4.1

v1.4.2

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1

v1.7.0

v1.7.1

v1.7.2

v1.7.3

v1.8.0

v1.8.1

v1.8.2

v1.9.0

v1.9.1