CVE-2024-27162
published 2024-06-14CVE-2024-27162: Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the…
PriorityP338medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
21.22%
97.3th percentile
Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the reference URL.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| toshiba_tec_corporation | toshiba_tec_e-studio_multi-function_peripheral | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2024/Jul/1https://jvn.jp/en/vu/JVNVU97136265/index.htmlhttps://www.toshibatec.com/information/20240531_01.htmlhttps://www.toshibatec.com/information/pdf/information20240531_01.pdfhttp://seclists.org/fulldisclosure/2024/Jul/1https://jvn.jp/en/vu/JVNVU97136265/index.htmlhttps://www.toshibatec.com/information/20240531_01.htmlhttps://www.toshibatec.com/information/pdf/information20240531_01.pdf
2024-06-14
Published