CVE-2018-17167

Name of the Vulnerable Software and Affected Versions PrinterOn Enterprise version 4.1.4

Description The issue affects PrinterOn Enterprise, where multiple authenticated stored XSS vulnerabilities have been identified. These vulnerabilities can be exploited via various fields, including the Machine Host Name or Server Serial Number field in the clustering configuration, the name field in the Edit Group configuration, the Rule Name field in the Access Control configuration, the Service Name in the Service Configuration, or the First Name or Last Name field in the Edit Account configuration.

Recommendations For PrinterOn Enterprise version 4.1.4, as a temporary workaround, consider restricting access to the clustering configuration, Edit Group configuration, Access Control configuration, Service Configuration, and Edit Account configuration to minimize the risk of exploitation. Avoid using the vulnerable fields until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.