Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrRajbabai8CB545C63-A3C1-4D57-8F06-E4593AB389BF
HistoryApr 20, 2022 - 5:49 p.m.

Cross-site Scripting (XSS) - Generic

2022-04-2017:49:03
rajbabai8
www.huntr.dev
12

0.001 Low

EPSS

Percentile

40.6%

JSON

Description

The Stream URL of octoprint application allowing xss payload to execute for which its leads to Cross-site Scripting (XSS

Proof of Concept

Login to the application

Now go to settings -> Webcam & Timelapse -> Stream URL and insert the payload "<img src> in the Stream URL and click on “Test”

You will see that its making a internal GET request

Image POC

https://drive.google.com/drive/folders/1gvRKz8AKOY8XE3O3z4mJdr61heIxGtH7?usp=sharing

Related

cve 1
prion 1
cnvd 1
nvd 1
veracode 1
osv 3
cvelist 1
github 1
cve
cve
CVE-2022-1432
2022-05-18 14:15:08
prion
prion
Cross site scripting
2022-05-18 14:15:00
cnvd
cnvd
OctoPrint webcam stream test cross-site scripting vulnerability
2022-05-20 00:00:00
nvd
nvd
CVE-2022-1432
2022-05-18 14:15:08
veracode
veracode
Cross-Site Scripting (XSS)
2022-05-19 08:21:12
osv
osv
Cross-site Scripting in OctoPrint
2022-05-19 00:00:30
CVE-2022-1432
2022-05-18 14:15:08
PYSEC-2022-201
2022-05-18 14:15:00
cvelist
cvelist
CVE-2022-1432 Cross-site Scripting (XSS) - Generic in octoprint/octoprint
2022-05-18 10:10:10
github
github
Cross-site Scripting in OctoPrint
2022-05-19 00:00:30

0.001 Low

EPSS

Percentile

40.6%

JSON
Related for CB545C63-A3C1-4D57-8F06-E4593AB389BF
cve1prion1cnvd1nvd1veracode1osv3cvelist1github1