CVE-2024-48870

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://global.sharp/products/copier/info/info_security_2024-10.html
https://jvn.jp/en/vu/JVNVU95063136/
https://www.toshibatec.com/information/20241025_01.html

Configurations

No configuration.

History

25 Oct 2024, 12:56

Type	Values Removed	Values Added
Summary		(es) Los equipos multifunción Sharp y Toshiba Tec validan incorrectamente los datos de entrada en el registro de datos URI, lo que genera una vulnerabilidad de cross-site scripting almacenado. Si un usuario administrativo almacena datos de entrada manipulados, es posible que se ejecuten secuencias de comandos maliciosas en los navegadores web de otros usuarios víctimas.

25 Oct 2024, 09:15

Type	Values Removed	Values Added
References	~~{'url': 'https://global.sharp/products/copier/info/info_security_2024-10-25.html', 'source': 'vultures@jpcert.or.jp'}~~	() https://global.sharp/products/copier/info/info_security_2024-10.html -

25 Oct 2024, 07:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-25 07:15

Updated : 2024-10-25 12:56

NVD link : CVE-2024-48870

Mitre link : CVE-2024-48870

CVE.ORG link : CVE-2024-48870

JSON object : View

Products Affected

No product.

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

6.2 /10