PrinterOn Enterprise 4.1.4 suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Machine Host Name" or "Server Serial Number" field in the clustering configuration, (2) "name" field in the Edit Group configuration, (3) "Rule Name" field in the Access Control configuration, (4) "Service Name" in the Service Configuration, or (5) First Name or Last Name field in the Edit Account configuration.
Add your gear to cvedb and we'll alert you only when printeron ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.