exploitDog

CVE-2018-17167

Опубликовано: 21 мар. 2019

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.

Ссылки

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON
Exploit
Third Party Advisory
https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:printeron:printeron:4.1.4:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 61%

0.0042

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5fjf-3575-357p

CVSS3: 5.4

github

больше 3 лет назад

PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.

EPSS

Процентиль: 61%

0.0042

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79