Vulnerabilities > Papercut > Papercut NG > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-10 | CVE-2024-9672 | Cross-site Scripting vulnerability in Papercut MF A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. | 5.4 |
| 2024-09-26 | CVE-2024-8405 | Command Injection vulnerability in Papercut NG An arbitrary file creation vulnerability exists in PaperCut NG/MF that only affects Windows servers with Web Print enabled. | 5.5 |
| 2024-03-14 | CVE-2024-1883 | Cross-site Scripting vulnerability in Papercut MF This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. | 6.1 |
| 2024-03-14 | CVE-2024-1884 | Server-Side Request Forgery (SSRF) vulnerability in Papercut MF This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing. | 6.5 |
| 2024-03-14 | CVE-2024-1223 | Unspecified vulnerability in Papercut MF This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. | 4.8 |
| 2023-11-14 | CVE-2023-6006 | Unspecified vulnerability in Papercut MF This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. | 6.7 |
| 2023-10-19 | CVE-2023-31046 | Path Traversal vulnerability in Papercut MF A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. | 6.5 |
| 2023-09-13 | CVE-2023-4568 | Improper Authentication vulnerability in Papercut NG PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. | 6.5 |