PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
References
Link | Resource |
---|---|
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-03-20T20:28:52
Updated: 2019-03-20T20:28:52
Reserved: 2018-09-18T00:00:00
Link: CVE-2018-17167
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-21T16:00:23.983
Modified: 2019-03-26T13:20:02.160
Link: CVE-2018-17167
JSON object: View
Redhat Information
No data.
CWE