CVE-2019-25324

RICOH Web Image Monitor 1.09 - HTML Injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Affected products

RICOH · RICOH Web Image Monitor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html https://www.exploit-db.com/exploits/47827 https://www.ricoh.com/https://www.vulncheck.com/advisories/ricoh-web-image-monitor-html-injection