Vulnerabilities > Octoprint > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-05 | CVE-2024-49377 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Octoprint OctoPrint provides a web interface for controlling consumer 3D printers. | 6.1 |
| 2024-11-05 | CVE-2024-51493 | Missing Authentication for Critical Function vulnerability in Octoprint OctoPrint provides a web interface for controlling consumer 3D printers. | 6.5 |
| 2024-03-18 | CVE-2024-28237 | Cross-site Scripting vulnerability in Octoprint OctoPrint provides a web interface for controlling consumer 3D printers. | 4.8 |
| 2024-01-31 | CVE-2024-23637 | Improper Authentication vulnerability in Octoprint OctoPrint is a web interface for 3D printer.s OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. | 4.9 |
| 2023-10-09 | CVE-2023-41047 | Unspecified vulnerability in Octoprint OctoPrint is a web interface for 3D printers. | 6.5 |
| 2022-10-19 | CVE-2022-3607 | Injection vulnerability in Octoprint Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3. | 6.0 |
| 2022-09-21 | CVE-2022-2888 | Unspecified vulnerability in Octoprint If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account exists. | 4.4 |
| 2022-09-21 | CVE-2022-2872 | Unspecified vulnerability in Octoprint Unrestricted Upload of File with Dangerous Type in GitHub repository octoprint/octoprint prior to 1.8.3. | 5.4 |
| 2022-05-18 | CVE-2022-1432 | Cross-site Scripting vulnerability in Octoprint Cross-site Scripting (XSS) - Generic in GitHub repository octoprint/octoprint prior to 1.8.0. | 6.4 |
| 2021-05-11 | CVE-2021-32560 | Unspecified vulnerability in Octoprint The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not *.log files. | 6.5 |