PT-2026-29169 · Papercut · Papercut Ng/Mf
Published
2026-03-31
·
Updated
2026-03-31
·
CVE-2026-4794
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
PaperCut NG/MF versions prior to 25.0.10
Description
The software contains multiple cross-site scripting (XSS) flaws. Authenticated administrator users can inject arbitrary web script or HTML code through various UI fields. This could lead to the compromise of other administrator sessions or the execution of unauthorized actions within the administrator's authenticated context, requiring an active login session.
Recommendations
Update PaperCut NG/MF to version 25.0.10 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Papercut Ng/Mf