Lucene search

K
PapercutPapercut Ng

7 matches found

CVE
CVE
added 2024/12/10 12:15 a.m.760 views

CVE-2024-9672

A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur.

6.3CVSS5.7AI score0.00082EPSS
CVE
CVE
added 2023/09/13 9:15 p.m.72 views

CVE-2023-4568

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.

6.5CVSS6.6AI score0.82902EPSS
CVE
CVE
added 2024/03/14 4:15 a.m.46 views

CVE-2024-1884

This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.

6.5CVSS6.8AI score0.42827EPSS
CVE
CVE
added 2024/09/26 2:15 a.m.46 views

CVE-2024-8405

An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the web-print.exe process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. This can be used...

6.1CVSS6.2AI score0.00245EPSS
CVE
CVE
added 2024/03/14 4:15 a.m.45 views

CVE-2024-1883

This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidenti...

6.3CVSS6.3AI score0.41961EPSS
CVE
CVE
added 2014/04/22 2:23 p.m.40 views

CVE-2014-2659

Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

6.8CVSS7.3AI score0.00084EPSS
CVE
CVE
added 2023/10/19 2:15 p.m.24 views

CVE-2023-31046

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Under specific conditions, this could potentially allow an authenticated attacker to achieve read-only access to the server's filesystem, because requests beginning with "GET /ui/static/..//.." reach g...

6.5CVSS6.3AI score0.00738EPSS