ByteOS Network

NVD Vulnerability Details :

CVE-2021-42639

Analyzed

Source-cve@mitre.org

Published At-02 Feb, 2022 | 18:15

Updated At-08 Feb, 2022 | 14:07

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 6.1

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

printerlogic>>web_stack>>Versions before 19.1.1.13(exclusive)

cpe:2.3:a:printerlogic:web_stack:*:*:*:*:*:*:*:*

printerlogic>>web_stack>>19.1.1.13

cpe:2.3:a:printerlogic:web_stack:19.1.1.13:-:*:*:*:*:*:*

printerlogic>>web_stack>>19.1.1.13

cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp2:*:*:*:*:*:*

printerlogic>>web_stack>>19.1.1.13

cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp3-3:*:*:*:*:*:*

printerlogic>>web_stack>>19.1.1.13

cpe:2.3:a:printerlogic:web_stack:19.1.1.13:sp9:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://printerlogic.com	cve@mitre.org	Product
https://portswigger.net/daily-swig/printerlogic-vendor-addresses-triple-rce-threat-against-all-connected-endpoints	cve@mitre.org	Not Applicable
https://securityaffairs.co/wordpress/127194/security/printerlogic-printer-management-suite-flaws.html	cve@mitre.org	Third Party Advisory
https://thecyberthrone.in/2022/01/26/printerlogic-%F0%9F%96%A8-fixes-critical-vulnerabilities-in-its-suite/?utm_source=rss&utm_medium=rss&utm_campaign=printerlogic-%25f0%259f%2596%25a8-fixes-critical-vulnerabilities-in-its-suite	cve@mitre.org	Third Party Advisory
https://www.printerlogic.com/security-bulletin/	cve@mitre.org	Vendor Advisory
https://www.securityweek.com/printerlogic-patches-code-execution-flaws-printer-management-suite	cve@mitre.org	Third Party Advisory
https://www.yahooinc.com/paranoids/paranoids-vulnerability-research-printerlogic-issues-security-alert/	cve@mitre.org	Exploit Third Party Advisory