PT-2022-13883 · Octoprint · Octoprint
Foosel
·
Published
2022-05-18
·
Updated
2022-05-25
·
CVE-2022-1430
CVSS v4.0
7.7
High
| Vector | AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
octoprint versions prior to 1.8.0
Description
The issue concerns a Cross-site Scripting (XSS) - DOM vulnerability in the GitHub repository octoprint. This vulnerability allows for javascript injection, potentially leading to account takeover in a phishing scenario, specifically through the login endpoint.
Recommendations
For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the login endpoint to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Octoprint