CVE-2024-28142 is a cross-site scripting (XSS) vulnerability classified under CWE-79, affecting the Scan2Net product by Image Access GmbH. The root cause is the failure to properly sanitize user input on the 'File Name' page (/cgi/uset.cgi?-cfilename) within the User Settings menu. Specifically, the input fields for file names and wildcard characters do not filter out malicious JavaScript payloads. Attackers can exploit this by injecting arbitrary JavaScript code into these fields, which is then stored and executed when the page is subsequently accessed by other users, including administrators with elevated privileges. The vulnerability is particularly concerning because it can be exploited without requiring authentication; unauthenticated attackers can modify the file name parameter for the 'Default' user, potentially enabling persistent XSS attacks. The CVSS v3.1 base score is 4.7 (medium severity), reflecting that the attack vector is network-based, requires no privileges, but does require user interaction (viewing the page). The impact is limited to integrity (script execution) without direct confidentiality or availability loss. No patches or known exploits are currently documented, but the vulnerability's presence in a network-accessible interface and its potential to target privileged users make it a significant risk. The vulnerability's scope is confined to Scan2Net installations, which are specialized scanning devices often used in document management and digitization workflows.

For European organizations, this vulnerability poses a risk primarily to the integrity of user sessions and the security of administrative accounts within Scan2Net environments. Successful exploitation could allow attackers to execute arbitrary scripts in the browsers of users who view the compromised page, potentially leading to session hijacking, unauthorized actions, or further network reconnaissance. Since the vulnerability can be exploited without authentication, it increases the attack surface, especially in environments where Scan2Net devices are exposed to internal or external networks. The impact on confidentiality is limited, but the integrity compromise could facilitate lateral movement or privilege escalation if administrative users are targeted. Availability is not directly affected. Organizations relying on Scan2Net for critical document scanning and management may face operational disruptions if attackers leverage this vulnerability to manipulate device settings or user data indirectly. Additionally, compliance with European data protection regulations (e.g., GDPR) could be jeopardized if malicious scripts lead to unauthorized data access or leakage.

1. Immediately restrict network access to Scan2Net devices, ensuring they are not exposed to untrusted networks or the internet. 2. Implement strict access controls and network segmentation to limit who can reach the Scan2Net management interface. 3. Monitor and audit the 'File Name' page and related user settings for suspicious or unexpected input values, particularly those containing script tags or unusual characters. 4. Educate administrators and users to avoid clicking on suspicious links or viewing untrusted pages within Scan2Net interfaces. 5. Contact Image Access GmbH for official patches or updates addressing CVE-2024-28142 and apply them promptly once available. 6. As a temporary workaround, disable or limit the use of wildcard characters in file name inputs if possible. 7. Employ web application firewalls (WAFs) or intrusion detection systems (IDS) that can detect and block XSS payloads targeting Scan2Net devices. 8. Regularly review and update device firmware and software to incorporate security fixes. 9. Conduct internal penetration testing focusing on Scan2Net devices to identify and remediate similar input validation issues.