PT-2020-12276 · Canon · Canon Oce Colorwave 500

Published

2020-03-19

Updated

2020-03-23

CVE-2020-10670

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Canon Oce Colorwave 500 version 4.0.0.0

Description The web application exposed by the Canon Oce Colorwave 500 printer is vulnerable to Reflected XSS in the settingId parameter of the "settingDialogContent.jsp" page.

Recommendations For version 4.0.0.0, update to the latest version to fix the issue. As a temporary workaround, consider avoiding the use of the settingId parameter in the "settingDialogContent.jsp" page until the update is applied.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-10670

Affected Products

Canon Oce Colorwave 500

PT-2020-12276 · Canon · Canon Oce Colorwave 500

CVE-2020-10670

Weakness Enumeration

Related Identifiers

Affected Products

References · 4