CVE-2018-17167

{"id": "CVE-2018-17167", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2019-03-21T16:00:23.983", "references": [{"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2018-17167-XSS-PrinterON", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) \"Machine Host Name\" or \"Server Serial Number\" field in the clustering configuration, (2) \"name\" field in the Edit Group configuration, (3) \"Rule Name\" field in the Access Control configuration, (4) \"Service Name\" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration."}, {"lang": "es", "value": "PrinterOn Enterprise 4.1.4 sufre de m\u00faltiples vulnerabilidades autenticadas de Cross-Site Scripting almacenado mediante (1) los campos \"Machine Host Name\" o \"Server Serial Number\" en la configuraci\u00f3n de cl\u00fasteres, (2) el campo \"name\" en la configuraci\u00f3n de Edit Group, (3) el campo \"Rule Name\" en la configuraci\u00f3n de Access Control, (4) \"Service Name\" en la configuraci\u00f3n del servicio o (5) los campos \"First Name\" o \"Last Name\" en la configuraci\u00f3n de Edit Account."}], "lastModified": "2024-11-21T03:53:59.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:printeron:printeron:4.1.4:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "EF15BCEE-A69E-4C53-B995-17261A63EAA4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}