PrinterOn
Products
3- 3 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10327 | Hig | 0.46 | 7.0 | 0.00 | May 17, 2018 | PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. | ||
| CVE-2018-10326 | Med | 0.35 | 5.4 | 0.01 | May 17, 2018 | PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest. | ||
| CVE-2018-17213 | 0.00 | — | 0.01 | Jul 29, 2019 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform… | |||
| CVE-2018-17211 | 0.00 | — | 0.02 | Jul 29, 2019 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request. | |||
| CVE-2018-17210 | 0.00 | — | 0.02 | Jul 19, 2019 | An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level… | |||
| CVE-2018-17169 | 0.00 | — | 0.02 | Apr 23, 2019 | An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. |
- risk 0.46cvss 7.0epss 0.00
PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file.
- risk 0.35cvss 5.4epss 0.01
PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest.
- CVE-2018-17213Jul 29, 2019risk 0.00cvss —epss 0.01
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. A user without valid credentials can bypass the authentication process, obtaining a valid session cookie with guest/pseudo-guest level privileges. This cookie can then be further used to perform…
- CVE-2018-17211Jul 29, 2019risk 0.00cvss —epss 0.02
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. An unauthenticated attacker can view details about the printers associated with CPS via a crafted HTTP GET request.
- CVE-2018-17210Jul 19, 2019risk 0.00cvss —epss 0.02
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core components that create and launch a print job do not perform complete verification of the session cookie that is supplied to them. As a result, an attacker with guest/pseudo-guest level…
- CVE-2018-17169Apr 23, 2019risk 0.00cvss —epss 0.02
An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.