CVE-2021-32561

CVE-2021-32561

EPSS 1.1%

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 https://octoprint.org/blog/2021/04/27/new-release-1.6.0/https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html