CVE-2024-48870

Summary

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

Affected Software

VendorProductVersion RangeStatus
Toshiba Tec Corporatione-STUDIO 908T2.12.h3.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1058T1.01.h4.00 and earlier versionsaffected
Toshiba Tec Corporatione-STUDIO 1208T1.01.h4.00 and earlier versionsaffected
Sharp CorporationSharp Digital Full-color MFPs and Monochrome MFPssee the information provided by Sharp Corporationaffected

Weaknesses

  • CWE-79: Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References