{"id":"CVE-2023-2533","details":"A Cross-Site Request Forgery (CSRF) vulnerability has been identified in\nPaperCut NG/MF, which, under specific conditions, could potentially enable\nan attacker to alter security settings or execute arbitrary code. This could\nbe exploited if the target is an admin with a current login session. Exploiting\nthis would typically involve the possibility of deceiving an admin into clicking\na specially crafted malicious link, potentially leading to unauthorized changes.","modified":"2026-05-04T08:36:20.298455Z","published":"2023-06-20T15:15:11.560Z","withdrawn":"2026-05-04T08:36:20.298455Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-2533"},{"type":"ADVISORY","url":"https://www.papercut.com/kb/Main/SecurityBulletinJune2023"},{"type":"EVIDENCE","url":"https://fluidattacks.com/advisories/arcangel/"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"20.1.8"}]},{"events":[{"introduced":"21.0.0"},{"fixed":"21.2.12"}]},{"events":[{"introduced":"22.0.0"},{"fixed":"22.1.1"}]},{"events":[{"introduced":"0"},{"fixed":"20.1.8"}]},{"events":[{"introduced":"21.0.0"},{"fixed":"21.2.12"}]},{"events":[{"introduced":"22.0.0"},{"last_affected":"22.1.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-2533.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}