PT-2018-1918 · Ricoh · Ricoh Mp
Ismail Tasdelen
·
Published
2018-09-21
·
Updated
2018-11-15
·
CVE-2018-17310
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
RICOH MP versions (affected versions not specified)
Description
The issue exists due to inadequate protection of the web page structure in the Wizard component, specifically in the /web/entry/en/address/adrsSetUserWizard.cgi file. This allows a remote attacker to inject arbitrary code into the protected web page. The vulnerability is related to HTML Injection and Stored XSS in the area of adding addresses via the
entryNameIn parameter to the "/web/entry/en/address/adrsSetUserWizard.cgi" API endpoint.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ricoh Mp