Vulnerability Description
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Toshibatec | E-Studio1058 Firmware | <= t1.01.h4.00 |
| Toshibatec | E-Studio1058 | - |
| Toshibatec | E-Studio1208 Firmware | <= t1.01.h4.00 |
| Toshibatec | E-Studio1208 | - |
| Toshibatec | E-Studio908 Firmware | <= t2.12.h3.00 |
| Toshibatec | E-Studio908 | - |
| Sharp | Bp-90C70 Firmware | - |
| Sharp | Bp-90C70 | - |
| Sharp | Bp-90C80 Firmware | - |
| Sharp | Bp-90C80 | - |
| Sharp | Bp-70C65 Firmware | - |
| Sharp | Bp-70C65 | - |
| Sharp | Bp-70C55 Firmware | - |
| Sharp | Bp-70C55 | - |
| Sharp | Bp-70C45 Firmware | - |
| Sharp | Bp-70C45 | - |
| Sharp | Bp-70C36 Firmware | - |
| Sharp | Bp-70C36 | - |
| Sharp | Bp-70C31 Firmware | - |
| Sharp | Bp-70C31 | - |
Related Weaknesses (CWE)
References
- https://global.sharp/products/copier/info/info_security_2024-10.htmlVendor Advisory
- https://jvn.jp/en/vu/JVNVU95063136/Third Party Advisory
- https://www.toshibatec.com/information/20241025_01.htmlVendor Advisory
FAQ
What is CVE-2024-47801?
CVE-2024-47801 is a vulnerability with a CVSS score of 7.4 (HIGH). Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected produ...
How severe is CVE-2024-47801?
CVE-2024-47801 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-47801?
Check the references section above for vendor advisories and patch information. Affected products include: Toshibatec E-Studio1058 Firmware, Toshibatec E-Studio1058, Toshibatec E-Studio1208 Firmware, Toshibatec E-Studio1208, Toshibatec E-Studio908 Firmware.