Vulnerabilities > Papercut > Papercut NG > 22.1.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-9672 | Cross-site Scripting vulnerability in Papercut MF A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. | 5.4 |
| 2024-09-26 | CVE-2024-8404 | Link Following vulnerability in Papercut NG An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. | 7.8 |
| 2024-09-26 | CVE-2024-8405 | Command Injection vulnerability in Papercut NG An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. | 5.5 |
| 2024-05-14 | CVE-2024-4712 | Unspecified vulnerability in Papercut MF An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. This specific flaw exists within the image-handler process, which can incorrectly create files that don’t exist when a maliciously formed payload is provided. | 7.8 |
| 2024-05-14 | CVE-2024-3037 | Files or Directories Accessible to External Parties vulnerability in Papercut MF An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. | 7.8 |
| 2024-03-14 | CVE-2024-1882 | Unspecified vulnerability in Papercut MF This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server. | 7.2 |
| 2024-03-14 | CVE-2024-1883 | Cross-site Scripting vulnerability in Papercut MF This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. | 6.1 |
| 2024-03-14 | CVE-2024-1884 | Server-Side Request Forgery (SSRF) vulnerability in Papercut MF This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. | 6.5 |
| 2024-03-14 | CVE-2024-1221 | Unspecified vulnerability in Papercut MF This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. | 3.1 |
| 2024-03-14 | CVE-2024-1222 | Unspecified vulnerability in Papercut MF This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. | 9.8 |