CVE-2018-17167 Information

Description

PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) \Machine Host Name\ or \Server Serial Number\ field in the clustering configuration (2) \name\ field in the Edit Group configuration (3) \Rule Name\ field in the Access Control configuration (4) \Service Name\ in the Service Configuration or (5) First Name or Last Name field in the Edit Account configuration.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4