Papercut Mf
CVE-2024-1883
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.
AnalysisAI
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-76. This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. Affected products include: Papercut Papercut Mf, Papercut Papercut Ng.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Papercut Mf
View allThis vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Bui
PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific condition
This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated
An unspecified vulnerability in the application server in PaperCut MF and NG versions 18.3.8 and earlier and versions 19
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163. Rat
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print
An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabl
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print
Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact
An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated att
This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for
Share
External POC / Exploit Code
Leaving vuln.today