XML External Entity (XXE) Vulnerability in PrinterOn Version 4.1.4 and Lower: Arbitrary File Read and SSRF via Crafted DTD

XML External Entity (XXE) Vulnerability in PrinterOn Version 4.1.4 and Lower: Arbitrary File Read and SSRF via Crafted DTD

CVE-2018-17169 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

An XML external entity (XXE) vulnerability in PrinterOn version 4.1.4 and lower allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request.

Learn more about our Cis Benchmark Audit For Server Software.