"value":"Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the reference URL."
}
]
},
"problemtype":{
"problemtype_data":[
{
"description":[
{
"lang":"eng",
"value":"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"value":"When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users.<br>"
}
],
"value":"When connecting the MFPs and printers with an outer network such as the Internet, only operate it in a network environment protected by a firewall, etc. to prevent information from being leaked due to incorrect settings or avoid illegal access by unauthorized users."
}
],
"exploit":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"We are not aware of any malicious exploitation by these vulnerabilities.<br>"
}
],
"value":"We are not aware of any malicious exploitation by these vulnerabilities."
}
],
"solution":[
{
"lang":"en",
"supportingMedia":[
{
"base64":false,
"type":"text/html",
"value":"This issue is fixed in the version released on June 14, 2024 and all later versions.<br>"
}
],
"value":"This issue is fixed in the version released on June 14, 2024 and all later versions."
}
],
"credits":[
{
"lang":"en",
"value":"We expresses its gratitude to Pierre Barre for reporting relevant security vulnerabilities for our products."
