CVE-2024-48870 — MEDIUM (6.2)

Q: How severe is CVE-2024-48870?

CVE-2024-48870 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-48870?

Check the references section above for vendor advisories and patch information. Affected products include: Toshibatec E-Studio1058 Firmware, Toshibatec E-Studio1058, Toshibatec E-Studio1208 Firmware, Toshibatec E-Studio1208, Toshibatec E-Studio908 Firmware.

Vulnerability Description

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Toshibatec	E-Studio1058 Firmware	<= t1.01.h4.00
Toshibatec	E-Studio1058	-
Toshibatec	E-Studio1208 Firmware	<= t1.01.h4.00
Toshibatec	E-Studio1208	-
Toshibatec	E-Studio908 Firmware	<= t2.12.h3.00
Toshibatec	E-Studio908	-
Sharp	Bp-90C70 Firmware	-
Sharp	Bp-90C70	-
Sharp	Bp-90C80 Firmware	-
Sharp	Bp-90C80	-
Sharp	Bp-70C65 Firmware	-
Sharp	Bp-70C65	-
Sharp	Bp-70C55 Firmware	-
Sharp	Bp-70C55	-
Sharp	Bp-70C45 Firmware	-
Sharp	Bp-70C45	-
Sharp	Bp-70C36 Firmware	-
Sharp	Bp-70C36	-
Sharp	Bp-70C31 Firmware	-
Sharp	Bp-70C31	-

Related Weaknesses (CWE)

CWE-79

References

https://global.sharp/products/copier/info/info_security_2024-10.htmlVendor Advisory
https://jvn.jp/en/vu/JVNVU95063136/Third Party Advisory
https://www.toshibatec.com/information/20241025_01.htmlVendor Advisory

FAQ

What is CVE-2024-48870?

CVE-2024-48870 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, mal...

How severe is CVE-2024-48870?

CVE-2024-48870 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-48870?

Check the references section above for vendor advisories and patch information. Affected products include: Toshibatec E-Studio1058 Firmware, Toshibatec E-Studio1058, Toshibatec E-Studio1208 Firmware, Toshibatec E-Studio1208, Toshibatec E-Studio908 Firmware.