We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-48870



Description

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

Reserved 2024-10-16 | Published 2024-10-25 | Updated 2024-10-25 | Assigner jpcert


MEDIUM: 6.2CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Problem types

Cross-site scripting (XSS)

Product status

T2.12.h3.00 and earlier versions
affected

T1.01.h4.00 and earlier versions
affected

T1.01.h4.00 and earlier versions
affected

see the information provided by Sharp Corporation
affected

References

jvn.jp/en/vu/JVNVU95063136/

global.sharp/products/copier/info/info_security_2024-10.html

www.toshibatec.com/information/20241025_01.html

cve.org (CVE-2024-48870)

nvd.nist.gov (CVE-2024-48870)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-48870

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.