Sharp MFPs vulnerable to cross-site scripting attack

CVE-2024-48870

4.8MEDIUM

Key Information

Vendor: Toshiba Tec Corporation
Status: E-studio 908; E-studio 1058; E-studio 1208; Sharp Digital Full-color Mfps And Monochrome Mfps
Vendor: CVE Published:; 25 October 2024

Summary

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

Affected Version(s)

e-STUDIO 908 = T2.12.h3.00 and earlier versions

e-STUDIO 1058 = T1.01.h4.00 and earlier versions

e-STUDIO 1208 = T1.01.h4.00 and earlier versions

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Oct 25, 2024
Vulnerability Reserved.
Oct 16, 2024

Collectors

NVD DatabaseMitre Database