Lucene search
+L

319 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:58 p.m.6 views

CVE-2022-1430

Cross-site Scripting XSS - DOM in GitHub repository octoprint/octoprint prior to 1.8.0...

7.5CVSS6AI score0.01303EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:50 p.m.9 views

CVE-2022-1432

Cross-site Scripting XSS - Generic in GitHub repository octoprint/octoprint prior to 1.8.0...

7.5CVSS5.9AI score0.01177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:55 a.m.9 views

CVE-2024-32977

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if the...

9.4CVSS7.2AI score0.00897EPSS
Exploits1References1
Veracode
Veracode
added 2024/11/14 6:33 a.m.8 views

Authentication Bypass

OctoPrint is vulnerable to an Authentication Bypass. The vulnerability is due to inadequate session handling in OctoPrint, which allows an attacker with temporary control over an authenticated session to access or delete the API key without requiring reauthentication...

6.5CVSS6.5AI score0.00282EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2024/11/14 5:39 a.m.6 views

Reflected Cross-Site Scripting (Reflected XSS)

OctoPrint is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to unescaped user inputs in OctoPrint’s login dialog and standalone application key confirmation dialog, allows attackers to inject malicious scripts that get reflected back to the user's browser...

6.1CVSS6.1AI score0.00265EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2024/11/05 7:15 p.m.45 views

CVE-2024-51493

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS0.00282EPSS
Exploits0References1
PyPA
PyPA
added 2024/11/05 7:15 p.m.7 views

PYSEC-2024-202

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS6.4AI score0.00282EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/05 7:15 p.m.23 views

PYSEC-2024-202

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

6.5CVSS6.3AI score0.00282EPSS
Exploits0References1
NVD
NVD
added 2024/11/05 7:15 p.m.32 views

CVE-2024-49377

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

6.1CVSS0.00265EPSS
Exploits0References1
PyPA
PyPA
added 2024/11/05 7:15 p.m.9 views

PYSEC-2024-201

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

6.1CVSS6.1AI score0.00265EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/11/05 7:15 p.m.9 views

PYSEC-2024-201

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

6.1CVSS6.3AI score0.00265EPSS
Exploits0References1
CVE
CVE
added 2024/11/05 6:20 p.m.52 views

CVE-2024-49377

OctoPrint (web UI for controlling 3D printers) up to version 1.10.2 is affected by reflected XSS in the Jinja2 templates used for the login dialog and the standalone application key confirmation dialog. An attacker could lure a victim to click a crafted login link or trigger the application key w...

6.1CVSS5.8AI score0.00265EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/05 6:20 p.m.12 views

CVE-2024-49377 Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

5.5CVSS6.5AI score0.00265EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/05 6:20 p.m.40 views

CVE-2024-49377 Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

5.5CVSS0.00265EPSS
Exploits0References1
OSV
OSV
added 2024/11/05 6:20 p.m.8 views

CVE-2024-49377 Jinja2 Templates are vulnerable to XSS attacks due to their configuration in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on...

5.5CVSS5.9AI score0.00265EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/05 6:17 p.m.22 views

CVE-2024-51493 API key access in settings without reauthentication in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

5.3CVSS6.6AI score0.00282EPSS
Exploits0References1
CVE
CVE
added 2024/11/05 6:17 p.m.95 views

CVE-2024-51493

CVE-2024-51493 (OctoPrint) affects OctoPrint up to version 1.10.2. An attacker who gains temporary control of an authenticated victim’s browser session can retrieve/recreate/delete the user’s API key (and, if admin, the global API key) without reauthentication, enabling API access or workflow dis...

6.5CVSS5.3AI score0.00282EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/11/05 6:17 p.m.45 views

CVE-2024-51493 API key access in settings without reauthentication in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

5.3CVSS0.00282EPSS
Exploits0References1
OSV
OSV
added 2024/11/05 6:17 p.m.15 views

CVE-2024-51493 API key access in settings without reauthentication in OctoPrint

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user...

5.3CVSS6.2AI score0.00282EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/11/05 3:8 p.m.22 views

OctoPrint has API key access in settings without reauthentication

Impact OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key...

6.5CVSS6.5AI score0.00282EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder