Sharp MFPs vulnerable to cross-site scripting attack
CVE-2024-48870

4.8MEDIUM

Key Information:

Vendor: Toshiba
Status: E-studio 908; E-studio 1058; E-studio 1208; Sharp Digital Full-color Mfps And Monochrome Mfps
Vendor: CVE Published:; 25 October 2024

Summary

Sharp and Toshiba Tec multi-function printers exhibit a vulnerability related to improper input data validation during URI data registration. This flaw allows an attacker, via crafted input, to store malicious scripts that may be executed in the web browsers of users accessing the affected system. If administrative users inadvertently store such input, it can lead to significant security risks for organizations, compromising user safety and exposing sensitive information.

Affected Version(s)

e-STUDIO 1058 T1.01.h4.00 and earlier versions

e-STUDIO 1208 T1.01.h4.00 and earlier versions

e-STUDIO 908 T2.12.h3.00 and earlier versions

References

https://jvn.jp/en/vu/JVNVU95063136/

https://global.sharp/products/copier/info/info_security_2...

https://www.toshibatec.com/information/20241025_01.html

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 25, 2024
Vulnerability Reserved
Oct 16, 2024