exploitDog

CVE-2018-15884

Опубликовано: 28 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

Ссылки

http://packetstormsecurity.com/files/149082/RICOH-MP-C4504ex-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45264/
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/149082/RICOH-MP-C4504ex-Cross-Site-Request-Forgery.html
Exploit
Third Party Advisory
VDB Entry
https://www.exploit-db.com/exploits/45264/
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:ricoh:mp_c4504ex_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ricoh:mp_c4504ex:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00416

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-83hm-mmvp-ggxp

CVSS3: 8.8

github

больше 3 лет назад

RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.

EPSS

Процентиль: 61%

0.00416

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-79