Octoprint: >> Octoprint >> 1.0.0 Security Vulnerabilities
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3.
CVSS Score
6.0
EPSS Score
0.002
Published
2022-10-19
Improper Privilege Management in GitHub repository octoprint/octoprint prior to 1.8.3.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-09-21
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-09-21
Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3.
CVSS Score
3.7
EPSS Score
0.002
Published
2022-09-21
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
CVSS Score
5.3
EPSS Score
0.0
Published
2022-08-22
An attacker can freely brute force username and password and can takeover any account. An attacker could easily guess user passwords and gain access to user and administrative accounts.
CVSS Score
3.7
EPSS Score
0.003
Published
2022-08-15
Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-05-18
Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-05-18
The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files.
CVSS Score
6.5
EPSS Score
0.004
Published
2021-05-11
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-05-11