VYPR
Unrated severity · NVD Advisory · Published Mar 20, 2019 · Updated Aug 5, 2024

CVE-2018-17167

Description

PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

PrinterOn Enterprise 4.1.4 contains multiple authenticated stored XSS vulnerabilities in various configuration fields, allowing persistent script injection.

Vulnerability

PrinterOn Enterprise version 4.1.4 (including both Admin and CPS components) is vulnerable to multiple authenticated stored cross-site scripting (XSS) issues. The vulnerable parameters are: serverAddress and serverSerialNumber in the clustering configuration (/clustering/processing/.../edit); name in the Edit Group configuration (/users/groups/edit); name in the Access Control rule add (/users/accessControl/rule/add); serviceName in the Service Configuration (/cps/.../basic/); and firstName and lastName in the Edit Account configuration (/cps/user/). Additionally, the documentURI_uri and documentURI_file parameters in the Store Options servlet (/cps/servlet/StoreOptions) are also vulnerable to stored XSS. [1]

Exploitation

An attacker must have authenticated access to the PrinterOn Admin or CPS interface. The attacker can inject arbitrary JavaScript into any of the listed fields. When an administrator or other user views the affected page (e.g., the clustering configuration, group edit, access control rules, service configuration, user profile, or store options), the injected script executes in the context of the victim's session. The stored XSS persists until the malicious input is removed. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the browser of any user who accesses the compromised configuration page. This can lead to session hijacking, defacement, or theft of sensitive information displayed in the application. The attacker does not gain direct server-side code execution but can perform actions on behalf of the victim user. [1]

Mitigation

As of the publication date (March 2019), no official patch has been disclosed. The vendor, PrinterOn, has not released a fixed version. Users should restrict administrative access to trusted individuals and consider applying input validation or output encoding as a workaround. If the product is no longer supported, migration to an alternative solution may be necessary. [1]
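The two workarounds named above (output encoding at render time and input validation before storage) are shown here as an added Python example; it is not part of the advisory and not PrinterOn's code. The sample field values, the row template used for rendering, and the hostname allow-list rule are constructed assumptions for illustration only.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample values, as an authenticated user might save them into the
# affected configuration fields (hypothetical inputs, not taken from the advisory).
SAMPLE_FIELDS = {
    "serverAddress": "print-node-01<script>alert(document.cookie)</script>",
    "name": 'Finance<img src="x" onerror="alert(1)">',
    "firstName": "Alice O'Brien",
}


def render_unsafe(label: str, value: str) -> str:
    """The flawed pattern: the stored value is concatenated straight into markup."""
    return f"<tr><td>{label}</td><td>{value}</td></tr>"


def render_safe(label: str, value: str) -> str:
    """Output encoding: escape the stored value for the HTML text context at render time."""
    return f"<tr><td>{html.escape(label)}</td><td>{html.escape(value)}</td></tr>"


# Assumed allow-list for the clustering "Machine Host Name" field: letters, digits,
# dots and hyphens only, so markup is rejected before it is ever stored.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")


def is_valid_hostname(value: str) -> bool:
    """Input validation for the host name field (constructed rule, not the vendor's)."""
    return bool(HOSTNAME_RE.fullmatch(value))


class _TagAuditor(HTMLParser):
    """Records every tag and every on* event-handler attribute in a rendered fragment."""

    def __init__(self):
        super().__init__()
        self.tags, self.event_handlers = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.event_handlers += [k for k, _ in attrs if k.lower().startswith("on")]


def audit(rendered: str) -> dict:
    """Return which tags and event-handler attributes a browser would see in the fragment."""
    auditor = _TagAuditor()
    auditor.feed(rendered)
    auditor.close()
    return {"tags": auditor.tags, "event_handlers": auditor.event_handlers}


def injected(rendered: str) -> bool:
    """True if anything beyond the template's own tr/td tags reached the page."""
    report = audit(rendered)
    extra_tags = any(t not in ("tr", "td") for t in report["tags"])
    return extra_tags or bool(report["event_handlers"])


if __name__ == "__main__":
    for label, value in SAMPLE_FIELDS.items():
        print(f"{label:14s} unsafe injected={injected(render_unsafe(label, value))} "
              f"safe injected={injected(render_safe(label, value))}")
    print("sample serverAddress passes hostname rule:",
          is_valid_hostname(SAMPLE_FIELDS["serverAddress"]))
    print("print-node-01 passes hostname rule:", is_valid_hostname("print-node-01"))
```

Running the block shows the benign `firstName` value passing both renderers unchanged in meaning, while the two markup-bearing samples only produce extra tags or an `onerror` handler through `render_unsafe`. The hostname rule is the layer that keeps such a value out of the database in the first place; output encoding is the layer that makes an already-stored value inert, and a deployment needs both because validation rules for free-text fields such as a first name cannot be as strict.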

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References: 1

News mentions: 0

No linked articles in our index yet.