PaperCut NG/MF Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in PaperCut NG/MF versions prior to 25.0.10. This vulnerability allows authenticated administrator users to inject arbitrary web scripts or HTML into various UI fields. Exploitation of this issue could compromise the sessions of other administrators or enable unauthorized actions within the context of an administrator's active login.

Impact

Exploitation of this vulnerability could lead to the execution of malicious scripts in an administrator's browser session, potentially allowing for session hijacking or unauthorized actions on behalf of the administrator.

Remediation

Users are advised to upgrade to PaperCut NG/MF version 25.0.10. For Konica Minolta fleets using PaperCut MF, ensure the embedded application is updated to version 25.0.5 (Standard) or 25.0.9 (Certified).