Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
References
| Link | Resource |
|---|---|
| https://jvn.jp/en/jp/JVN24659622/index.html | Third Party Advisory |
| https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm | Product Vendor Advisory |
| https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
08 Dec 2022, 20:11
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://jvn.jp/en/jp/JVN24659622/index.html - Third Party Advisory | |
| References | (MISC) https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm - Release Notes, Vendor Advisory | |
| References | (MISC) https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm - Product, Vendor Advisory | |
| CWE | CWE-79 | |
| CPE | cpe:2.3:o:ricoh:aficio_sp_4210n_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:ricoh:aficio_sp_4210n:-:*:*:*:*:*:*:* |
|
| First Time |
Ricoh
Ricoh aficio Sp 4210n Ricoh aficio Sp 4210n Firmware |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
07 Dec 2022, 04:52
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-12-07 04:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-37406
Mitre link : CVE-2022-37406
CVE.ORG link : CVE-2022-37406
JSON object : View
Products Affected
ricoh
- aficio_sp_4210n
- aficio_sp_4210n_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')