Foosel

**Name of the Vulnerable Software and Affected Versions** OctoPrint versions prior to 1.8.3 **Description** The issue is related to the failure to sanitize special elements into a different plane, also known as Special Element Injection. This problem affects the OctoPrint software. **Recommendations** For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** octoprint/octoprint versions prior to 1.8.3 **Description** The issue is related to improper privilege management, allowing a user with read access only to access a privileged user's account and functionality. **Recommendations** For versions prior to 1.8.3, update to version 1.8.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** octoprint versions prior to 1.8.0 **Description** The issue concerns a Cross-site Scripting (XSS) - DOM vulnerability in the GitHub repository octoprint. This vulnerability allows for javascript injection, potentially leading to account takeover in a phishing scenario, specifically through the login endpoint. **Recommendations** For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the login endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** octoprint versions prior to 1.8.0 **Description** The issue is related to Cross-site Scripting (XSS) - Generic in the octoprint application. Specifically, the Stream URL allows a XSS payload to execute. **Recommendations** For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Stream URL to minimize the risk of exploitation.