Sign-up

ID

VAR-201805-0269


CVE

CVE-2018-10326


TITLE

PrinterOn Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-005110

DESCRIPTION

PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest. PrinterOn Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers

Trust: 1.71

sources: NVD: CVE-2018-10326 // JVNDB: JVNDB-2018-005110 // VULHUB: VHN-120074

AFFECTED PRODUCTS

vendor:printeronmodel:printeronscope:eqversion:4.1.3

Trust: 1.6

vendor:printeronmodel:printeronscope:eqversion:enterprise 4.1.3

Trust: 0.8

sources: JVNDB: JVNDB-2018-005110 // CNNVD: CNNVD-201805-522 // NVD: CVE-2018-10326

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10326
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-10326
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-522
value: LOW

Trust: 0.6

VULHUB: VHN-120074
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-10326
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-120074
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10326
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-120074 // JVNDB: JVNDB-2018-005110 // CNNVD: CNNVD-201805-522 // NVD: CVE-2018-10326

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-120074 // JVNDB: JVNDB-2018-005110 // NVD: CVE-2018-10326

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-522

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201805-522

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005110

PATCH
title:PrinterOn Enterprise Editionurl:https://www.printeron.com/printing-software/enterprise-edition.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005110

EXTERNAL IDS
db:NVDid:CVE-2018-10326
Trust: 2.5
db:JVNDBid:JVNDB-2018-005110
Trust: 0.8
db:CNNVDid:CNNVD-201805-522
Trust: 0.6
db:VULHUBid:VHN-120074
Trust: 0.1
sources:
            
            
            VULHUB: VHN-120074 // 
            
            
            
            JVNDB: JVNDB-2018-005110 // 
            
            
            
            CNNVD: CNNVD-201805-522 // 
            
            
            
            NVD: CVE-2018-10326

REFERENCES
url:https://github.com/bzyo/cve-pocs/tree/master/cve-2018-10326
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10326
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10326
Trust: 0.8
sources:
            
            
            VULHUB: VHN-120074 // 
            
            
            
            JVNDB: JVNDB-2018-005110 // 
            
            
            
            CNNVD: CNNVD-201805-522 // 
            
            
            
            NVD: CVE-2018-10326

SOURCES
db:VULHUBid:VHN-120074
db:JVNDBid:JVNDB-2018-005110
db:CNNVDid:CNNVD-201805-522
db:NVDid:CVE-2018-10326

LAST UPDATE DATE
2024-11-23T21:38:58.441000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-120074date:2018-06-19T00:00:00
db:JVNDBid:JVNDB-2018-005110date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201805-522date:2018-07-07T00:00:00
db:NVDid:CVE-2018-10326date:2024-11-21T03:41:13.633

SOURCES RELEASE DATE
db:VULHUBid:VHN-120074date:2018-05-17T00:00:00
db:JVNDBid:JVNDB-2018-005110date:2018-07-06T00:00:00
db:CNNVDid:CNNVD-201805-522date:2018-05-17T00:00:00
db:NVDid:CVE-2018-10326date:2018-05-17T19:29:00.213