CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N
EPSS
Percentile
22.2%
Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability.
If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.
Vendor | Product | Version | CPE |
---|---|---|---|
toshibatec | e-studio1058_firmware | * | cpe:2.3:o:toshibatec:e-studio1058_firmware:*:*:*:*:*:*:*:* |
toshibatec | e-studio1058 | - | cpe:2.3:h:toshibatec:e-studio1058:-:*:*:*:*:*:*:* |
toshibatec | e-studio1208_firmware | * | cpe:2.3:o:toshibatec:e-studio1208_firmware:*:*:*:*:*:*:*:* |
toshibatec | e-studio1208 | - | cpe:2.3:h:toshibatec:e-studio1208:-:*:*:*:*:*:*:* |
toshibatec | e-studio908_firmware | * | cpe:2.3:o:toshibatec:e-studio908_firmware:*:*:*:*:*:*:*:* |
toshibatec | e-studio908 | - | cpe:2.3:h:toshibatec:e-studio908:-:*:*:*:*:*:*:* |
sharp | bp-90c70_firmware | - | cpe:2.3:o:sharp:bp-90c70_firmware:-:*:*:*:*:*:*:* |
sharp | bp-90c70 | - | cpe:2.3:h:sharp:bp-90c70:-:*:*:*:*:*:*:* |
sharp | bp-90c80_firmware | - | cpe:2.3:o:sharp:bp-90c80_firmware:-:*:*:*:*:*:*:* |
sharp | bp-90c80 | - | cpe:2.3:h:sharp:bp-90c80:-:*:*:*:*:*:*:* |
[
{
"vendor": "Toshiba Tec Corporation",
"product": "e-STUDIO 908",
"versions": [
{
"version": "T2.12.h3.00 and earlier versions",
"status": "affected"
}
]
},
{
"vendor": "Toshiba Tec Corporation",
"product": "e-STUDIO 1058",
"versions": [
{
"version": "T1.01.h4.00 and earlier versions",
"status": "affected"
}
]
},
{
"vendor": "Toshiba Tec Corporation",
"product": "e-STUDIO 1208",
"versions": [
{
"version": "T1.01.h4.00 and earlier versions",
"status": "affected"
}
]
},
{
"vendor": "Sharp Corporation",
"product": "Sharp Digital Full-color MFPs and Monochrome MFPs",
"versions": [
{
"version": "see the information provided by Sharp Corporation",
"status": "affected"
}
]
}
]