CVE-2024-36249

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Nov 26, 2024
CWE ID 79

Summary

CVE-2024-36249 is a newly disclosed cross-site scripting (XSS) vulnerability affecting multiple multifunction printers (MFPs) from Sharp Corporation and Toshiba Tech Corporation. Successful exploitation of this issue allows an attacker to execute arbitrary scripts on the administrative page of the affected MFPs, potentially leading to unauthorized access or data theft. Affected product details, including names, model numbers, and versions, are available from the vendors' respective advisories ([References]). It's crucial for organizations using these MFPs to apply the vendors' provided patches or workarounds to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share