CVE-2026-4794 in PaperCut NG
Resumen (Inglés)
Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary web script or HTML code via different UI fields. This could be used to compromise other admininistrator's sessions or perform unauthorized actions via the administrator's authenticated context (e.g. requires an active login session).
Responsable
PaperCut
Reservar
2026-03-25
Divulgación
2026-03-31
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354321 | PaperCut NG/MF secuencias de comandos en sitios cruzados | 79 | No está definido | Arreglo oficial | CVE-2026-4794 |