PT-2018-1918 · Ricoh · Ricoh Mp
Ismail Tasdelen
·
Publicado
2018-09-21
·
Atualizado
2018-11-15
·
CVE-2018-17310
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
RICOH MP versions (affected versions not specified)
Description
The issue exists due to inadequate protection of the web page structure in the Wizard component, specifically in the /web/entry/en/address/adrsSetUserWizard.cgi file. This allows a remote attacker to inject arbitrary code into the protected web page. The vulnerability is related to HTML Injection and Stored XSS in the area of adding addresses via the
entryNameIn parameter to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ricoh Mp