CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. • https://github.com/octoprint/octoprint/commit/1453076ee3e47fcab2dc73664ec2d61d3ef7fc4f • https://huntr.dev/bounties/da6745e4-7bcc-4e9a-9e96-0709ec9f2477 • CWE-620: Unverified Password Change

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

An attacker can freely brute-force the username and password and can take over any account. An attacker could easily guess user passwords and gain access to user and administrative accounts. • https://github.com/octoprint/octoprint/commit/82c892ba40b3741d1b7711d949e56af64f5bc2de • https://huntr.dev/bounties/6369f355-e6ef-4469-af75-0f6ff00cde3d • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0. • https://github.com/octoprint/octoprint/commit/6d259d7e6f5b0de9a1c762831537a386e53978d3 • https://huntr.dev/bounties/cb545c63-a3c1-4d57-8f06-e4593ab389bf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Cross-site Scripting (XSS) - DOM in GitHub repository octoprint/octoprint prior to 1.8.0. • https://github.com/octoprint/octoprint/commit/8087528e4a7ddd15c7d95ff662deb5ef7de90045 • https://huntr.dev/bounties/0cd30d71-1e32-4a0b-b4c3-faaa1907b541 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. • https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0 • https://octoprint.org/blog/2021/04/27/new-release-1.6.0 • https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')