CVE-2024-1883
14.03.2024, 04:15
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.
| Vendor | Product | Version |
|---|---|---|
| papercut | papercut_mf | 𝑥 < 20.1.10 |
| papercut | papercut_mf | 21.0.0 ≤ 𝑥 < 21.2.14 |
| papercut | papercut_mf | 22.0.0 ≤ 𝑥 < 22.1.5 |
| papercut | papercut_mf | 23.0.1 ≤ 𝑥 < 23.0.7 |
| papercut | papercut_ng | 𝑥 < 20.1.10 |
| papercut | papercut_ng | 21.0.0 ≤ 𝑥 < 21.2.14 |
| papercut | papercut_ng | 22.0.0 ≤ 𝑥 < 22.1.5 |
| papercut | papercut_ng | 23.0.1 ≤ 𝑥 < 23.0.7 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-76 - Improper Neutralization of Equivalent Special ElementsThe software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.