CVE-2024-1883 MEDIUM

CVE-2024-1883: Reflected XSS in PaperCut NG/MF

Vendor Papercut
Product PaperCut NG, PaperCut MF
Weakness CWE-76
Published March 14, 2024
Last update September 26, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.

Key dates

02Disclosure timeline

March 14, 2024 CVE published
September 26, 2024 Record updated