ID XEROX_XRX05_006.NASL Type nessus Reporter This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. Modified 2021-02-02T00:00:00
Description
According to its model number and software version, the remote host
is a Xerox WorkCentre device with an embedded web server that suffers
from multiple flaws, including authentication bypass, denial of
service, unauthorized file access, and cross-site scripting.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(18642);
script_version("1.19");
script_cvs_date("Date: 2018/11/15 20:50:24");
script_cve_id("CVE-2005-2200", "CVE-2005-2201", "CVE-2005-2202");
script_bugtraq_id(14187);
script_name(english:"Xerox WorkCentre Multiple Vulnerabilities (XRX05-006)");
script_summary(english:"Checks version of Xerox WorkCentre Pro");
script_set_attribute(attribute:"synopsis", value:
"The remote printer suffers from multiple vulnerabilities.");
script_set_attribute(
attribute:"description",
value:
"According to its model number and software version, the remote host
is a Xerox WorkCentre device with an embedded web server that suffers
from multiple flaws, including authentication bypass, denial of
service, unauthorized file access, and cross-site scripting."
);
script_set_attribute(attribute:"see_also", value:"https://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf");
script_set_attribute(attribute:"see_also", value:"https://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf");
script_set_attribute(attribute:"solution", value:
"Apply the P22 patch as described in the Xerox security bulletins.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/06/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/08");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:xerox:workcentre");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
script_dependencies("xerox_workcentre_detect.nasl");
script_require_keys("www/xerox_workcentre");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
# This function returns TRUE if the version string ver lies in
# the range [low, high].
function ver_inrange(ver, low, high)
{
local_var ver_parts, low_parts, high_parts, i, p, low_p, high_p;
if (isnull(ver) || isnull(low) || isnull(high)) return FALSE;
# Split levels into parts.
ver_parts = split(ver, sep:".", keep:0);
low_parts = split(low, sep:".", keep:0);
high_parts = split(high, sep:".", keep:0);
# Compare each part.
i = 0;
while (ver_parts[i] != NULL)
{
p = int(ver_parts[i]);
low_p = int(low_parts[i]);
if (low_p == NULL) low_p = 0;
high_p = int(high_parts[i]);
if (high_p == NULL) high_p = 0;
if (p > low_p && p < high_p) return TRUE;
if (p < low_p || p > high_p) return FALSE;
++i;
}
return TRUE;
}
# Check whether the device is vulnerable.
if (get_kb_item("www/xerox_workcentre"))
{
model = get_kb_item_or_exit("www/xerox_workcentre/model");
ssw = get_kb_item_or_exit("www/xerox_workcentre/ssw");
# No need to check further if ESS has with ".P22" since that
# indicates the patch has already been applied.
if (ess && ess =~ "\.P22[^0-9]?") audit(AUDIT_HOST_NOT, "affected");
# Test model number and software version against those in Xerox's security bulletin.
if (
# nb: models Pro 2128/2636/3545 Color with SSW 0.001.04.044 - 0.001.04.504.
model =~ "Pro (32|40)C" && ver_inrange(ver:ssw, low:"0.001.04.044", high:"0.001.04.504")
)
security_hole(0);
exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
{"id": "XEROX_XRX05_006.NASL", "bulletinFamily": "scanner", "title": "Xerox WorkCentre Multiple Vulnerabilities (XRX05-006)", "description": "According to its model number and software version, the remote host\nis a Xerox WorkCentre device with an embedded web server that suffers\nfrom multiple flaws, including authentication bypass, denial of\nservice, unauthorized file access, and cross-site scripting.", "published": "2005-07-08T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/18642", "reporter": "This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.", "references": ["https://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf", "https://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf"], "cvelist": ["CVE-2005-2200", "CVE-2005-2202", "CVE-2005-2201"], "type": "nessus", "lastseen": "2021-02-01T07:40:21", "edition": 25, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2201", "CVE-2005-2200", "CVE-2005-2202"]}, {"type": "osvdb", "idList": ["OSVDB:17765", "OSVDB:17766", "OSVDB:17768"]}], "modified": "2021-02-01T07:40:21", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-02-01T07:40:21", "rev": 2}, "vulnersScore": 7.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18642);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/11/15 20:50:24\");\n\n script_cve_id(\"CVE-2005-2200\", \"CVE-2005-2201\", \"CVE-2005-2202\");\n script_bugtraq_id(14187);\n\n script_name(english:\"Xerox WorkCentre Multiple Vulnerabilities (XRX05-006)\");\n script_summary(english:\"Checks version of Xerox WorkCentre Pro\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote printer suffers from multiple vulnerabilities.\");\n script_set_attribute(\n attribute:\"description\",\n value:\n\"According to its model number and software version, the remote host\nis a Xerox WorkCentre device with an embedded web server that suffers\nfrom multiple flaws, including authentication bypass, denial of\nservice, unauthorized file access, and cross-site scripting.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the P22 patch as described in the Xerox security bulletins.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:xerox:workcentre\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"xerox_workcentre_detect.nasl\");\n script_require_keys(\"www/xerox_workcentre\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n# This function returns TRUE if the version string ver lies in\n# the range [low, high].\nfunction ver_inrange(ver, low, high)\n{\n local_var ver_parts, low_parts, high_parts, i, p, low_p, high_p;\n\n if (isnull(ver) || isnull(low) || isnull(high)) return FALSE;\n\n # Split levels into parts.\n ver_parts = split(ver, sep:\".\", keep:0);\n low_parts = split(low, sep:\".\", keep:0);\n high_parts = split(high, sep:\".\", keep:0);\n\n # Compare each part.\n i = 0;\n while (ver_parts[i] != NULL)\n {\n p = int(ver_parts[i]);\n low_p = int(low_parts[i]);\n if (low_p == NULL) low_p = 0;\n high_p = int(high_parts[i]);\n if (high_p == NULL) high_p = 0;\n\n if (p > low_p && p < high_p) return TRUE;\n if (p < low_p || p > high_p) return FALSE;\n ++i;\n }\n return TRUE;\n}\n\n\n# Check whether the device is vulnerable.\nif (get_kb_item(\"www/xerox_workcentre\"))\n{\n model = get_kb_item_or_exit(\"www/xerox_workcentre/model\");\n ssw = get_kb_item_or_exit(\"www/xerox_workcentre/ssw\");\n\n # No need to check further if ESS has with \".P22\" since that\n # indicates the patch has already been applied.\n if (ess && ess =~ \"\\.P22[^0-9]?\") audit(AUDIT_HOST_NOT, \"affected\");\n\n # Test model number and software version against those in Xerox's security bulletin.\n if (\n # nb: models Pro 2128/2636/3545 Color with SSW 0.001.04.044 - 0.001.04.504.\n model =~ \"Pro (32|40)C\" && ver_inrange(ver:ssw, low:\"0.001.04.044\", high:\"0.001.04.504\")\n )\n security_hole(0);\n exit(0);\n}\naudit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Misc.", "pluginID": "18642", "cpe": ["cpe:/h:xerox:workcentre"], "scheme": null}
{"cve": [{"lastseen": "2021-02-02T05:24:37", "description": "Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.", "edition": 4, "cvss3": {}, "published": "2005-07-11T04:00:00", "title": "CVE-2005-2201", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2201"], "modified": "2008-09-05T20:51:00", "cpe": ["cpe:/h:xerox:workcentre_2636:0.001.04.044", "cpe:/h:xerox:workcentre_2128:0.001.04.044", "cpe:/h:xerox:workcentre_3545:0.001.04.504", "cpe:/h:xerox:workcentre_2636:0.001.04.504", "cpe:/h:xerox:workcentre_2128:0.001.04.504", "cpe:/h:xerox:workcentre_3545:0.001.04.044"], "id": "CVE-2005-2201", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2201", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:h:xerox:workcentre_3545:0.001.04.504:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_3545:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2636:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2636:0.001.04.504:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2128:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2128:0.001.04.504:*:pro_color:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:24:37", "description": "Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.", "edition": 4, "cvss3": {}, "published": "2005-07-11T04:00:00", "title": "CVE-2005-2200", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2200"], "modified": "2008-09-05T20:51:00", "cpe": ["cpe:/h:xerox:workcentre_2636:0.001.04.044", "cpe:/h:xerox:workcentre_2128:0.001.04.044", "cpe:/h:xerox:workcentre_3545:0.001.04.504", "cpe:/h:xerox:workcentre_2636:0.001.04.504", "cpe:/h:xerox:workcentre_2128:0.001.04.504", "cpe:/h:xerox:workcentre_3545:0.001.04.044"], "id": "CVE-2005-2200", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2200", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:h:xerox:workcentre_3545:0.001.04.504:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_3545:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2636:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2636:0.001.04.504:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2128:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2128:0.001.04.504:*:pro_color:*:*:*:*:*"]}, {"lastseen": "2021-02-02T05:24:37", "description": "Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.", "edition": 4, "cvss3": {}, "published": "2005-07-11T04:00:00", "title": "CVE-2005-2202", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-2202"], "modified": "2008-09-05T20:51:00", "cpe": ["cpe:/h:xerox:workcentre_2636:0.001.04.044", "cpe:/h:xerox:workcentre_2128:0.001.04.044", "cpe:/h:xerox:workcentre_3545:0.001.04.504", "cpe:/h:xerox:workcentre_2636:0.001.04.504", "cpe:/h:xerox:workcentre_2128:0.001.04.504", "cpe:/h:xerox:workcentre_3545:0.001.04.044"], "id": "CVE-2005-2202", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2202", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:h:xerox:workcentre_3545:0.001.04.504:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_3545:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2636:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2636:0.001.04.504:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2128:0.001.04.044:*:pro_color:*:*:*:*:*", "cpe:2.3:h:xerox:workcentre_2128:0.001.04.504:*:pro_color:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2201", "CVE-2005-2646"], "edition": 1, "description": "## Vulnerability Description\nXerox WorkCentre contains a flaw that may allow a remote denial of service. The issue is triggered when specially constructed HTTP requests are sent to the embedded web server, and will result in loss of availability for the device.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Xerox has released a patch to address this vulnerability.\n## Short Description\nXerox WorkCentre contains a flaw that may allow a remote denial of service. The issue is triggered when specially constructed HTTP requests are sent to the embedded web server, and will result in loss of availability for the device.\n## References:\nVendor Specific Solution URL: http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip\nVendor Specific Solution URL: http://www.xerox.com/downloads/usa/en/c/cert_P22_NIAP_WCP_C_Only.zip\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf)\nSecurity Tracker: 1014720\nSecurity Tracker: 1014429\n[Secunia Advisory ID:16467](https://secuniaresearch.flexerasoftware.com/advisories/16467/)\n[Secunia Advisory ID:15970](https://secuniaresearch.flexerasoftware.com/advisories/15970/)\n[Secunia Advisory ID:16167](https://secuniaresearch.flexerasoftware.com/advisories/16167/)\n[Related OSVDB ID: 17765](https://vulners.com/osvdb/OSVDB:17765)\n[Related OSVDB ID: 17768](https://vulners.com/osvdb/OSVDB:17768)\n[Related OSVDB ID: 17767](https://vulners.com/osvdb/OSVDB:17767)\nKeyword: XRX05-006\nKeyword: XRX05-007,XRX05-008\nKeyword: XRX05-009\n[CVE-2005-2201](https://vulners.com/cve/CVE-2005-2201)\n[CVE-2005-2646](https://vulners.com/cve/CVE-2005-2646)\n", "modified": "2005-06-27T14:57:41", "published": "2005-06-27T14:57:41", "href": "https://vulners.com/osvdb/OSVDB:17766", "id": "OSVDB:17766", "title": "Xerox WorkCentre Crafted HTTP Request DoS", "type": "osvdb", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2200", "CVE-2005-2645"], "edition": 1, "description": "## Vulnerability Description\nXerox WorkCentre contains an unspecified flaw that may allow a malicious user to bypass authentication. No further details have been provided.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Xerox has released a patch to address this vulnerability.\n## Short Description\nXerox WorkCentre contains an unspecified flaw that may allow a malicious user to bypass authentication. No further details have been provided.\n## References:\nVendor Specific Solution URL: http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip\nVendor Specific Solution URL: http://www.xerox.com/downloads/usa/en/c/cert_P22_NIAP_WCP_C_Only.zip\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf)\nSecurity Tracker: 1014720\nSecurity Tracker: 1014429\n[Secunia Advisory ID:16467](https://secuniaresearch.flexerasoftware.com/advisories/16467/)\n[Secunia Advisory ID:15970](https://secuniaresearch.flexerasoftware.com/advisories/15970/)\n[Secunia Advisory ID:16167](https://secuniaresearch.flexerasoftware.com/advisories/16167/)\n[Related OSVDB ID: 17768](https://vulners.com/osvdb/OSVDB:17768)\n[Related OSVDB ID: 17766](https://vulners.com/osvdb/OSVDB:17766)\n[Related OSVDB ID: 17767](https://vulners.com/osvdb/OSVDB:17767)\nKeyword: XRX05-006\nKeyword: XRX05-007\nKeyword: XRX05-008\nKeyword: XRX05-009\nFrSIRT Advisory: ADV-2005-1009\n[CVE-2005-2645](https://vulners.com/cve/CVE-2005-2645)\n[CVE-2005-2200](https://vulners.com/cve/CVE-2005-2200)\nBugtraq ID: 14187\n", "modified": "2005-06-27T14:57:41", "published": "2005-06-27T14:57:41", "href": "https://vulners.com/osvdb/OSVDB:17765", "id": "OSVDB:17765", "title": "Xerox WorkCentre Unspecified Authentication Bypass", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2647", "CVE-2005-2202"], "edition": 1, "description": "## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Xerox has released a patch to address this vulnerability.\n## References:\nVendor Specific Solution URL: http://www.xerox.com/downloads/usa/en/c/cert_P23_HTTP_Patch_AllWCP.zip\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_006.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_007.pdf)\n[Vendor Specific Advisory URL](http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf)\nSecurity Tracker: 1014720\nSecurity Tracker: 1014429\n[Secunia Advisory ID:16467](https://secuniaresearch.flexerasoftware.com/advisories/16467/)\n[Secunia Advisory ID:15970](https://secuniaresearch.flexerasoftware.com/advisories/15970/)\n[Secunia Advisory ID:16167](https://secuniaresearch.flexerasoftware.com/advisories/16167/)\n[Related OSVDB ID: 17765](https://vulners.com/osvdb/OSVDB:17765)\n[Related OSVDB ID: 17766](https://vulners.com/osvdb/OSVDB:17766)\nKeyword: XRX05-006\nKeyword: XRX05-007\nKeyword: XRX05-008\nKeyword: XRX05-009\n[CVE-2005-2202](https://vulners.com/cve/CVE-2005-2202)\n[CVE-2005-2647](https://vulners.com/cve/CVE-2005-2647)\n", "modified": "2005-06-27T14:57:41", "published": "2005-06-27T14:57:41", "href": "https://vulners.com/osvdb/OSVDB:17768", "id": "OSVDB:17768", "title": "Xerox WorkCentre MicroServer Unspecified XSS", "type": "osvdb", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
