Lucene search
Veracode Vulnerability DatabaseVERACODE:35619HistoryMay 20, 2022 - 4:17 a.m.
Cross-site Scripting (XSS)
2022-05-2004:17:34
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
12
octoprint
cross-site scripting
validation
redirect_url
login function
views.py
malicious javascript
vulnerability
EPSS
0.002
Percentile
56.5%
OctoPrint is vulnerable to cross-site scripting. The vulnerability exists due to the lack of validation in the redirect_url parameter in the login function of views.py, allowing an attacker to inject and execute malicious javascript by redirecting to malicious URLs.
Related
osv
osv
PYSEC-2022-200
2022-05-18 14:15:00
CVE-2022-1430
2022-05-18 14:15:08
Cross-site Scripting in OctoPrint
2022-05-19 00:00:31
huntr
huntr
Dom xss leads to account takeover
2022-04-19 18:25:15
prion
prion
Cross site scripting
2022-05-18 14:15:00
cvelist
cvelist
CVE-2022-1430 Cross-site Scripting (XSS) - DOM in octoprint/octoprint
2022-05-18 10:00:14
nvd
nvd
CVE-2022-1430
2022-05-18 14:15:08
github
github
Cross-site Scripting in OctoPrint
2022-05-19 00:00:31
cve
cve
CVE-2022-1430
2022-05-18 14:15:08