Cross-site Scripting Vulnerability Affects Multiple MFPs
CVE-2024-36249

7.4HIGH

Key Information:

Vendor: Sharp Corporation
Status: Multiple Mfps (multifunction Printers)
Vendor: CVE Published:; 26 November 2024

Summary

A cross-site scripting vulnerability has been identified in various multifunction printers manufactured by Sharp Corporation and Toshiba Tech Corporation. This vulnerability allows for the execution of arbitrary scripts on the administrative web interface of the affected MFPs, potentially compromising sensitive administrative functions. Users of these devices are advised to refer to vendor-specific documentation for detailed information on the models affected and the necessary steps to mitigate this security risk. Continuous monitoring and applying the latest security patches are recommended to enhance protection against such vulnerabilities.

Affected Version(s)

Multiple MFPs (multifunction printers) See the information provided by Sharp Corporation listed under [References]

Multiple MFPs (multifunction printers) See the information provided by Toshiba Tec Corporation listed under [References]

References

https://global.sharp/products/copier/info/info_security_2...

https://jp.sharp/business/print/information/info_security...

https://www.toshibatec.com/information/20240531_02.html

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 26, 2024
Vulnerability Reserved
May 22, 2024