exploitDog

CVE-2026-4794

Опубликовано: 31 мар. 2026

Источник: nvd

CVSS3: 4.8

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).

Ссылки

https://www.papercut.com/kb/Main/papercut-ng-mf-security-bulletin-march-2026/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:papercut:papercut_mf:*:*:*:*:*:*:*:*

Версия до 25.0.10 (исключая)

Конфигурация 2

cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*

Версия до 25.0.10 (исключая)

EPSS

Процентиль: 9%

0.0003

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-m6wx-rxrp-cc9p

CVSS3: 4.8

github

9 дней назад

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).

EPSS

Процентиль: 9%

0.0003

Низкий

4.8 Medium

CVSS3

Дефекты

CWE-79