PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
References
Link | Resource |
---|---|
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON | Exploit Third Party Advisory |
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:53
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON - Exploit, Third Party Advisory |
Information
Published : 2019-03-21 16:00
Updated : 2024-11-21 03:53
NVD link : CVE-2018-17167
Mitre link : CVE-2018-17167
CVE.ORG link : CVE-2018-17167
JSON object : View
Products Affected
printeron
- printeron
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')