CVE-2021-32561: XSS
First published: Tue May 11 2021(Updated: )
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Octoprint Octoprint | <1.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-32561?
CVE-2021-32561 is a vulnerability in OctoPrint before version 1.6.0 that allows cross-site scripting (XSS) attacks due to API error messages including the values of input parameters.
How severe is CVE-2021-32561?
CVE-2021-32561 has a severity rating of 6.1, which is considered medium.
How does CVE-2021-32561 impact OctoPrint?
CVE-2021-32561 allows attackers to perform cross-site scripting attacks on OctoPrint installations.
Is there a fix for CVE-2021-32561?
Yes, the vulnerability has been fixed in OctoPrint version 1.6.0.
Where can I find more information about CVE-2021-32561?
You can find more information about CVE-2021-32561 at the following references: 1. [OctoPrint Release 1.6.0](https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0) 2. [OctoPrint Blog - New Release 1.6.0](https://octoprint.org/blog/2021/04/27/new-release-1.6.0/) 3. [Brzozowski.io - The Insecure Story of OctoPrint](https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html)
- collector/nvd-index
- vendor/octoprint
- canonical/octoprint octoprint