Today > 8 Critical | 28 High | 32 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-9672

Dec. 10, 2024, 12:15 a.m.

Tags

CWE-917
eb41dac7-0af8-4f84-9f6d-0272772514f4
2024-12-10
CVE-2024-9672

Product(s) Impacted

PaperCut NG/MF

Description

A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.

Weaknesses

CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed.

CWE ID: 917

Date

Published: Dec. 10, 2024, 12:15 a.m.

Last Modified: Dec. 10, 2024, 12:15 a.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

eb41dac7-0af8-4f84-9f6d-0272772514f4

References

https://www.papercut.com/ eb41dac7-0af8-4f84-9f6d-0272772514f4