CVE-2021-32561

Name of the Vulnerable Software and Affected Versions OctoPrint versions prior to 1.6.0

Description The issue allows for XSS because API error messages include the values of input parameters, such as username or other user-provided data. This can lead to malicious scripts being executed on the client-side.

Recommendations For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to API endpoints that include user-provided input parameters in error messages until a patch is available.