The host is installed with PaperCut NG before 20.1.10, 21.x before 21.2.14, 22.x before 22.1.5, or 23.x before 23.0.7 and is prone to a reflected cross site scripting vulnerability. A flaw is present in the application, which fails to properly handle a crafted malicious URL that contains a script. Successful exploitation allows an attacker to cause limited loss of confidentiality, integrity or availability (e.g. scraping of information on the PaperCut NG/MF admin interface dashboard tab).