Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm