CVE-2024-48870

MEDIUM

Toshibatec E-studio1058 Firmware < t1.01.h4.00 - XSS

Title source: rule
STIX 2.1

Description

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

Scores

CVSS v3 6.2
EPSS 0.0032
EPSS Percentile 24.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (50)
sharp/bp-30c25_firmware
sharp/bp-30c25t_firmware
sharp/bp-30c25y_firmware
sharp/bp-30c25z_firmware
sharp/bp-30m28_firmware
sharp/bp-30m28t_firmware
sharp/bp-30m31_firmware
sharp/bp-30m31t_firmware
sharp/bp-30m35_firmware
sharp/bp-30m35t_firmware
... and 40 more
Published Oct 25, 2024
Tracked Since Feb 18, 2026