First published: Tue May 11 2021
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix
---|---|---
OctoPrint OctoPrint | <1.6.0 | Upgrade to 1.6.0 or later
CVE-2021-32561 is a vulnerability in OctoPrint before version 1.6.0 that allows cross-site scripting (XSS) attacks due to API error messages including the values of input parameters.
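The pattern behind this class of bug is an error handler that copies a request parameter into a response the browser renders as HTML. The block below is an added example written for this page, not OctoPrint's code: it reconstructs the unsafe pattern, shows two hardened forms (entity-escaping the reflected value, and returning a JSON body with a non-HTML content type), and includes a small check that a regression test can run against any error handler. The `PROBE` string and the response dictionaries are constructed for the example.

```python
import html
import json

# Constructed probe value: markup a browser would interpret if an error
# handler reflected it verbatim into an HTML document.
PROBE = '<script>alert(1)</script>'


def vulnerable_error(param_name: str, value: str) -> dict:
    """Error response that echoes the raw parameter into an HTML body.

    Reconstruction of the unsafe pattern described for CVE-2021-32561;
    this is illustrative code, not OctoPrint's implementation.
    """
    body = f"<p>Invalid value for {param_name}: {value}</p>"
    return {
        "status": 400,
        "headers": {"Content-Type": "text/html; charset=utf-8"},
        "body": body,
    }


def hardened_error_html(param_name: str, value: str) -> dict:
    """Same HTML error, but every reflected string is entity-escaped first."""
    body = (
        f"<p>Invalid value for {html.escape(param_name)}: "
        f"{html.escape(value)}</p>"
    )
    return {
        "status": 400,
        "headers": {"Content-Type": "text/html; charset=utf-8"},
        "body": body,
    }


def hardened_error_json(param_name: str, value: str) -> dict:
    """Preferred shape for an API error: a JSON body served with a non-HTML
    content type plus nosniff, so the browser never renders it as a page."""
    body = json.dumps(
        {"error": "invalid value", "parameter": param_name, "value": value}
    )
    return {
        "status": 400,
        "headers": {
            "Content-Type": "application/json; charset=utf-8",
            "X-Content-Type-Options": "nosniff",
        },
        "body": body,
    }


def reflects_unescaped_markup(response: dict, probe: str) -> bool:
    """Defensive check for a test suite: True when the probe appears verbatim
    in a response the browser would render as HTML."""
    ctype = response["headers"].get("Content-Type", "").lower()
    renders_as_html = ctype.startswith("text/html")
    return renders_as_html and probe in response["body"]


if __name__ == "__main__":
    for handler in (vulnerable_error, hardened_error_html, hardened_error_json):
        resp = handler("port", PROBE)
        flag = reflects_unescaped_markup(resp, PROBE)
        print(f"{handler.__name__}: reflected unescaped = {flag}")
```

The JSON variant still carries the raw value in its body; that is safe only because the content type tells the browser not to render it, which is why `X-Content-Type-Options: nosniff` is set alongside it. Callers that later embed a JSON error field into a page must still escape it at that point.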
CVE-2021-32561 has a severity rating of 6.1, which is considered medium.
CVE-2021-32561 allows attackers to perform cross-site scripting attacks on OctoPrint installations.
The vulnerability has been fixed in OctoPrint version 1.6.0.
You can find more information about CVE-2021-32561 at the following references:

1. [OctoPrint Release 1.6.0](https://github.com/OctoPrint/OctoPrint/releases/tag/1.6.0)
2. [OctoPrint Blog - New Release 1.6.0](https://octoprint.org/blog/2021/04/27/new-release-1.6.0/)
3. [Brzozowski.io - The Insecure Story of OctoPrint](https://www.brzozowski.io/web-applications/2021/05/11/the-insecure-story-of-octoprint.html)