cvedb.io
CVE-2024-49377
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2024-11-05T19:15:05.737 · Last modified 2026-06-17T07:59:47.483

Summary

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmat

Affected products

octoprint — octoprint

Does this affect you?

Add your gear to cvedb and we'll alert you only when octoprint ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.