Sharp MFPs vulnerable to cross-site scripting attack
CVE-2024-48870

4.8MEDIUM

Key Information:

Vendor

Toshiba
Status
E-studio 908
E-studio 1058
E-studio 1208
Sharp Digital Full-color Mfps And Monochrome Mfps
Vendor
CVE Published:
25 October 2024

What is CVE-2024-48870?

Sharp and Toshiba Tec multi-function printers exhibit a vulnerability related to improper input data validation during URI data registration. This flaw allows an attacker, via crafted input, to store malicious scripts that may be executed in the web browsers of users accessing the affected system. If administrative users inadvertently store such input, it can lead to significant security risks for organizations, compromising user safety and exposing sensitive information.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

e-STUDIO 1058 T1.01.h4.00 and earlier versions

e-STUDIO 1208 T1.01.h4.00 and earlier versions

e-STUDIO 908 T2.12.h3.00 and earlier versions

References

https://jvn.jp/en/vu/JVNVU95063136/
https://global.sharp/products/copier/info/info_security_2...
https://www.toshibatec.com/information/20241025_01.html

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.