Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS14N3I3LXdtajgtdnY1Z84AAgaY

High CVSS: 7.7 EPSS: 0.00396% (0.59515 Percentile) EPSS:
Permalink JSON

Cross-site Scripting in OctoPrint

Affected Packages Affected Versions Fixed Versions
pypi:OctoPrint < 1.8.0 1.8.0
1 Dependent packages
6 Dependent repositories
11,845 Downloads last month

Affected Version Ranges

All affected versions

1.3.11, 1.3.12, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.7.2, 1.7.3

All unaffected versions

1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.11.0, 1.11.1, 1.11.2

Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. The login endpoint allows for javascript injection which may lead to account takeover in a phishing scenario.

References:

Identifiers

GHSA-x7r7-wmj8-vv5g

CVE-2022-1430

Risk

Severity

High

CVSS

CVSS Score: 7.7

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00396

EPSS Percentile: 0.59515

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/octoprint/octoprint

Date and time

Published

about 3 years ago

Updated

10 months ago

API

JSON