CVE-2018-17167

PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
Configurations

Configuration 1 (hide)

cpe:2.3:a:printeron:printeron:4.1.4:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 03:53

Type Values Removed Values Added
References () https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON - Exploit, Third Party Advisory () https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON - Exploit, Third Party Advisory

Information

Published : 2019-03-21 16:00

Updated : 2024-11-21 03:53


NVD link : CVE-2018-17167

Mitre link : CVE-2018-17167

CVE.ORG link : CVE-2018-17167


JSON object : View

Products Affected

printeron

  • printeron
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')