CVE-2024-9672
MEDIUMPapercut MF < 24.1.1 - XSS
Title source: ruleDescription
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.
Scores
CVSS v3
5.4
EPSS
0.0051
EPSS Percentile
66.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-917
CWE-79
Status
published
Affected Products (2)
papercut/papercut_mf
< 24.1.1
papercut/papercut_ng
< 24.1.1
Timeline
Published
Dec 10, 2024
Tracked Since
Feb 18, 2026