CVE-2024-27162

Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the reference URL.
Configurations

No configuration.

History

21 Nov 2024, 09:03

Type Values Removed Values Added
References () http://seclists.org/fulldisclosure/2024/Jul/1 - () http://seclists.org/fulldisclosure/2024/Jul/1 -
References () https://jvn.jp/en/vu/JVNVU97136265/index.html - () https://jvn.jp/en/vu/JVNVU97136265/index.html -
References () https://www.toshibatec.com/information/20240531_01.html - () https://www.toshibatec.com/information/20240531_01.html -
References () https://www.toshibatec.com/information/pdf/information20240531_01.pdf - () https://www.toshibatec.com/information/pdf/information20240531_01.pdf -

04 Jul 2024, 05:15

Type Values Removed Values Added
References
  • () http://seclists.org/fulldisclosure/2024/Jul/1 -

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Las impresoras Toshiba proporcionan una interfaz web que cargará el archivo JavaScript. El archivo contiene códigos inseguros vulnerables a XSS y se carga dentro de todas las páginas web proporcionadas por la impresora. Un atacante puede robar la cookie de un usuario administrador. En cuanto a los productos/modelos/versiones afectados, consulte la URL de referencia.

14 Jun 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-14 04:15

Updated : 2024-11-21 09:03


NVD link : CVE-2024-27162

Mitre link : CVE-2024-27162

CVE.ORG link : CVE-2024-27162


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')