Vulnerabilities > Printeron > Printeron > 4.1.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-23 | CVE-2018-17169 | XXE vulnerability in Printeron An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | 4.0 |
2019-04-18 | CVE-2018-17168 | Cross-Site Request Forgery (CSRF) vulnerability in Printeron 4.1.4 PrinterOn Enterprise 4.1.4 contains multiple Cross Site Request Forgery (CSRF) vulnerabilities in the Administration page. | 4.3 |
2019-03-21 | CVE-2018-17167 | Cross-site Scripting vulnerability in Printeron 4.1.4 PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration. | 3.5 |
2018-12-17 | CVE-2018-19936 | Improper Input Validation vulnerability in Printeron 4.1.4 PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion. | 5.5 |