CVE-2024-1883— Reflected XSS in PaperCut NG/MF
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-1883
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected XSS in PaperCut NG/MF
Source: NVD (National Vulnerability Database)
Vulnerability Description
This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
等价特殊元素的转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PaperCut NG 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PaperCut NG是澳大利亚PaperCut公司的一套下一代打印机控制软件。 PaperCut NG/MF存在安全漏洞,该漏洞源于存在反射型跨站脚本漏洞,攻击者可以通过制作包含脚本的恶意URL导致有限的机密性、完整性或可用性损失。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| PaperCut | PaperCut NG, PaperCut MF | 0 ~ 23.0.7 | - |
II. Public POCs for CVE-2024-1883
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-1883
请登录查看更多情报信息。
Same Patch Batch · PaperCut · 2024-03-14 · 7 CVEs total
| CVE-2024-1222 | 8.6 HIGH | Incorrect authorization controls in PaperCut NG/MF APIs |
| CVE-2024-1654 | 7.2 HIGH | Unauthorized write operations in PaperCut NG/MF |
| CVE-2024-1882 | 7.2 HIGH | Server-side resource injection in PaperCut NG/MF |
| CVE-2024-1884 | 6.5 MEDIUM | Server Side Request Forgery in PaperCut NG/MF |
| CVE-2024-1223 | 4.8 MEDIUM | Improper authorization controls in PaperCut NG/MF |
| CVE-2024-1221 | 3.1 LOW | Improper access controls on APIs on Linux and macOS in PaperCut NG/MF |
IV. Related Vulnerabilities
Same product: PaperCut NG, PaperCut MF
- CVE-2024-8404
Arbitrary File Deletion in PaperCut NG/MF Web Print Hot fold - CVE-2024-8405
Arbitrary File Creation in PaperCut NG/MF Web Print leading - CVE-2024-4712
Arbitrary File Creation in PaperCut NG/MF Web Print Image Ha - CVE-2024-3037
Arbitrary File Deletion in PaperCut NG/MF Web Print - CVE-2024-1884
Server Side Request Forgery in PaperCut NG/MF
Same vendor: PaperCut
- CVE-2026-7824
PaperCut Hive (Ricoh): Plain text password in logs - CVE-2026-6418
PaperCut NG/MF: Path Traversal in Shared Account Synchroniza - CVE-2026-6180
PaperCut MF: Card truncation on HP readers - CVE-2026-5115
Session hijacking in PaperCut NG/MF embedded application for - CVE-2026-4794
Multiple cross-site scripting (XSS) vulnerabilities in Paper
Same weakness: CWE-76
- CVE-2024-4897
Remote Code Execution in parisneo/lollms-webui - CVE-2024-34359
llama-cpp-python vulnerable to Remote Code Execution by Serv - CVE-2024-2952
Server-Side Template Injection in BerriAI/litellm - CVE-2024-1882
Server-side resource injection in PaperCut NG/MF - CVE-2024-1221
Improper access controls on APIs on Linux and macOS in Paper
V. Comments for CVE-2024-1883
No comments yet