RICOH MP C1803 JPN Cross-site Scripting (CVE-2018-17310)

On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. This plugin only works with Tenable.ot. Please visit...

Real Furnace and StRSR addresses can be added to the Distributor

Lines of code Vulnerability details Impact RToken may be distributed to StRSR and frozen. RSR may be distributed to Furnace and frozen. Proof of Concept Both Furnace and StRSR are added to the destinations of Distributor in DistributorP1init: function initIMain main, RevenueShare calldata dist...

CVE-2018-17316

On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...

Cross site scripting

On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi...