ID

VAR-201903-1060


CVE

CVE-2018-17167


TITLE

PrinterOn Enterprise vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-015089

DESCRIPTION

PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. PrinterOn Enterprise contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers. There is a cross-site scripting vulnerability in PrinterOn Enterprise 4.1.4, which is caused by the lack of proper validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.

Trust: 1.8

sources: NVD: CVE-2018-17167 // JVNDB: JVNDB-2018-015089 // VULHUB: VHN-127599 // VULMON: CVE-2018-17167

AFFECTED PRODUCTS

vendor: printeron, model: printeron, scope: eq, version: 4.1.4

Trust: 1.0

vendor: printeron, model: printeron, scope: eq, version: enterprise 4.1.4

Trust: 0.8

sources: JVNDB: JVNDB-2018-015089 // NVD: CVE-2018-17167

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-17167
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-17167
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201903-718
value: MEDIUM

Trust: 0.6

VULHUB: VHN-127599
value: LOW

Trust: 0.1

VULMON: CVE-2018-17167
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-17167
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-127599
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-17167
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-127599 // VULMON: CVE-2018-17167 // JVNDB: JVNDB-2018-015089 // CNNVD: CNNVD-201903-718 // NVD: CVE-2018-17167

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-127599 // JVNDB: JVNDB-2018-015089 // NVD: CVE-2018-17167

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201903-718

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201903-718

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015089

PATCH

title: PrinterOn Enterprise Edition, url: https://www.printeron.com/printing-software/enterprise-edition.html

Trust: 0.8

title: th3trinity.github.io, url: https://github.com/th3trinity/th3trinity.github.io

Trust: 0.1

sources: VULMON: CVE-2018-17167 // JVNDB: JVNDB-2018-015089

EXTERNAL IDS

db: NVD, id: CVE-2018-17167

Trust: 2.6

db: JVNDB, id: JVNDB-2018-015089

Trust: 0.8

db: CNNVD, id: CNNVD-201903-718

Trust: 0.7

db: VULHUB, id: VHN-127599

Trust: 0.1

db: VULMON, id: CVE-2018-17167

Trust: 0.1

sources: VULHUB: VHN-127599 // VULMON: CVE-2018-17167 // JVNDB: JVNDB-2018-015089 // CNNVD: CNNVD-201903-718 // NVD: CVE-2018-17167

REFERENCES

url: https://github.com/drunkenshells/disclosures/tree/master/cve-2018-17167-xss-printeron

Trust: 2.6

url: https://nvd.nist.gov/vuln/detail/cve-2018-17167

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17167

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://github.com/th3trinity/th3trinity.github.io

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-127599 // VULMON: CVE-2018-17167 // JVNDB: JVNDB-2018-015089 // CNNVD: CNNVD-201903-718 // NVD: CVE-2018-17167

SOURCES

db: VULHUB, id: VHN-127599
db: VULMON, id: CVE-2018-17167
db: JVNDB, id: JVNDB-2018-015089
db: CNNVD, id: CNNVD-201903-718
db: NVD, id: CVE-2018-17167

LAST UPDATE DATE

2024-11-23T22:33:57.665000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-127599, date: 2019-03-26T00:00:00
db: VULMON, id: CVE-2018-17167, date: 2019-03-26T00:00:00
db: JVNDB, id: JVNDB-2018-015089, date: 2019-04-24T00:00:00
db: CNNVD, id: CNNVD-201903-718, date: 2019-04-01T00:00:00
db: NVD, id: CVE-2018-17167, date: 2024-11-21T03:53:59.633

SOURCES RELEASE DATE

db: VULHUB, id: VHN-127599, date: 2019-03-21T00:00:00
db: VULMON, id: CVE-2018-17167, date: 2019-03-21T00:00:00
db: JVNDB, id: JVNDB-2018-015089, date: 2019-04-24T00:00:00
db: CNNVD, id: CNNVD-201903-718, date: 2019-03-21T00:00:00
db: NVD, id: CVE-2018-17167, date: 2019-03-21T16:00:23.983