2 matches found
CVE-2024-28237 OctoPrint XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure or talk a victim with administrator rights into configuring a webcam snapshot URL which when tested through th...
CVE-2024-28237
The CVE-2024-28237 issue affects OctoPrint prior to 1.10.0rc3, specifically the Classic Webcam plugin snapshot URL feature. The root cause is a cross-site scripting (XSS) vulnerability where a crafted webcam snapshot URL tested via the web interface can cause JavaScript to execute in a victim adm...