PT-2018-9830 · Printeron · Printeron Enterprise
Published
2018-05-17
·
Updated
2018-06-19
·
CVE-2018-10326
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
PrinterOn Enterprise version 4.1.3
Description:
The issue concerns multiple authenticated stored XSS vulnerabilities. These vulnerabilities can be exploited via the department field in the printer configuration, the description field in the print server configuration, and the username field for authentication to print as guest.
Recommendations:
For PrinterOn Enterprise version 4.1.3, update the software to a version that includes fixes for these vulnerabilities. As a temporary workaround, consider restricting access to the department field in the printer configuration, the description field in the print server configuration, and the username field for guest printing until a patch is available. Avoid using these fields in a way that could introduce malicious scripts.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Printeron Enterprise