CVE-2022-37406
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
07/12/2022
Last modified:
23/04/2025
Description
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:ricoh:aficio_sp_4210n_firmware:*:*:*:*:*:*:*:* | 1.05 (excluding) | |
| cpe:2.3:h:ricoh:aficio_sp_4210n:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://jvn.jp/en/jp/JVN24659622/index.html
- https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm
- https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm
- https://jvn.jp/en/jp/JVN24659622/index.html
- https://support.ricoh.com/bb/html/dr_ut_e/rc3/model/sp42/sp42.htm
- https://support.ricoh.com/bbv2/html/dr_ut_d/ipsio/history/w/bb/pub_j/dr_ut_d/4101044/4101044791/V101/5236968/redirect_CLUTool_DOM/history.htm