CVE-2021-32561

CVE-2021-32561

EPSS 1.1%

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 https://octoprint.org/blog/2021/04/27/new-release-1.6.0/https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html