CVE-2019-25324

RICOH Web Image Monitor 1.09 - HTML Injection

CVSS 5.1 MEDIUMEPSS 0.2%CWE-79

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Productos afectados

RICOH · RICOH Web Image Monitor

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html https://www.exploit-db.com/exploits/47827 https://www.ricoh.com/https://www.vulncheck.com/advisories/ricoh-web-image-monitor-html-injection