InvenTree is InvenTree open source an open source inventory management system . A cross-site scripting vulnerability exists in InvenTree versions prior to 0.7.2, which stems from the application’s lack of filtering and escaping for parameter data. An attacker could exploit the vulnerability to execute JavaScript code on the client side.