CVE-2022-37406

medium

Description

Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.

References

https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm

https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm

https://jvn.jp/en/jp/JVN24659622/index.html

Details

Source: Mitre, NVD

Published: 2022-12-07

Updated: 2022-12-08

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N