VDB
KO
MEDIUM 5.4

PYSEC-2026-823

Inventree vulnerable to Stored Cross-site Scripting

Details

Inventree prior to 0.8.3 is vulnerable to stored cross-site scripting by uploading SVG files. Version 0.8.3 contains a patch for this issue.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / inventree
Introduced in: 0 Fixed in: 0.8.3
Fix pip install --upgrade 'inventree>=0.8.3'

References