PT-2020-12274 · Canon · Canon Oce Colorwave 500
Published 2020-03-19 · Updated 2020-03-23 · CVE-2020-10668
CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Canon Oce Colorwave 500 version 4.0.0.0
Description
The web application exposed by the Canon Oce Colorwave 500 printer is vulnerable to Reflected XSS in the "/home.jsp" API endpoint. The openSI parameter is vulnerable.
Recommendations
For version 4.0.0.0, update to the latest version to fix the issue. As a temporary workaround, consider restricting access to the "/home.jsp" endpoint and avoiding the use of the openSI parameter until the update is applied.
Exploit
Fix
XSS
Affected Products
Canon Oce Colorwave 500