OctoPrint is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation of the `redirect_url` parameter in the `login` function of `views.py`, allowing an attacker to inject and execute malicious JavaScript by redirecting to malicious URLs.
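As an added example (not OctoPrint's own code), this is a validation routine of the kind the advisory says the login view lacks for `redirect_url`: it only accepts same-origin, path-only targets and falls back to a default otherwise. The function name `safe_redirect_target` and its `default` argument are assumptions.

```python
"""Validate a post-login redirect target before passing it to redirect().

Hypothetical helper, not part of OctoPrint. It illustrates the check the
advisory describes as missing for the `redirect_url` login parameter.
"""
from urllib.parse import urlsplit, urlunsplit


def safe_redirect_target(candidate, default="/"):
    """Return `candidate` only if it is a same-origin, path-only URL.

    Anything carrying a scheme (http:, https:, javascript:, data:), a host,
    or a protocol-relative prefix ("//evil.example") is replaced by
    `default`, so the value cannot become an open redirect or a
    script-executing URL when handed to the framework's redirect().
    """
    if not isinstance(candidate, str) or not candidate:
        return default
    # Browsers strip control characters and whitespace before parsing
    # ("java\tscript:"), so reject them before urlsplit() sees the value.
    if any(ord(ch) < 0x20 or ch == " " for ch in candidate):
        return default
    # Some browsers treat a backslash as a slash ("/\evil.example").
    if "\\" in candidate:
        return default
    # Protocol-relative forms, including "///host", are never local.
    if candidate.startswith("//"):
        return default
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return default
    # Only absolute paths on this origin are acceptable.
    if not parts.path.startswith("/"):
        return default
    # Rebuild from path and query alone; fragments are dropped.
    return urlunsplit(("", "", parts.path, parts.query, ""))


if __name__ == "__main__":
    # Constructed sample inputs, not values taken from the advisory.
    for sample in ("/dashboard?tab=1", "javascript:alert(1)",
                   "//evil.example/login", "https://evil.example/"):
        print(repr(sample), "->", safe_redirect_target(sample))
```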