| Vulnerability Name: | CVE-2008-2825 (CCN-43061) |
| Assigned: | 2008-06-12 |
| Published: | 2008-06-12 |
| Updated: | 2017-08-08 |
| Summary: | Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| | 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| | 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE Type: CNA CVE-2008-2825 |
| | Source: CCN Type: SA30669 Xerox WorkCentre Web Server Unspecified Script Insertion |
| | Source: SECUNIA Type: Vendor Advisory 30669 |
| | Source: CCN Type: SECTRACK ID: 1020280 Xerox WorkCentre Input Validation Hole Permits Cross-Site Scripting Attacks |
| | Source: CCN Type: OSVDB ID: 46137 XEROX WorkCentre Web Server Unspecified XSS |
| | Source: BID Type: UNKNOWN 29689 |
| | Source: CCN Type: BID-29689 Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability |
| | Source: SECTRACK Type: Patch 1020280 |
| | Source: VUPEN Type: UNKNOWN ADV-2008-1830 |
| | Source: CCN Type: Xerox Security Bulletin XRX08-005 Software update to address cross-site scripting vulnerability |
| | Source: CONFIRM Type: Patch http://www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf |
| | Source: XF Type: UNKNOWN workcentre-webserver-xss(43061) |
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable |