Vulnerabilities > Canon > OCE Colorwave 500 Firmware

DATE CVE VULNERABILITY TITLE RISK
2020-03-19 CVE-2020-10669 Improper Authentication vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authentication bypass on the page /home.jsp.
network
low complexity
canon CWE-287
7.5
7.5
2020-03-19 CVE-2020-10671 Cross-Site Request Forgery (CSRF) vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0
The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protections.
network
low complexity
canon CWE-352
8.8
8.8
2020-03-19 CVE-2020-10670 Cross-site Scripting vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in the parameter settingId of the settingDialogContent.jsp page.
network
low complexity
canon CWE-79
6.1
6.1
2020-03-19 CVE-2020-10668 Cross-site Scripting vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp.
network
low complexity
canon CWE-79
6.1
6.1
2020-03-19 CVE-2020-10667 Cross-site Scripting vulnerability in Canon OCE Colorwave 500 Firmware 4.0.0.0
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored XSS in /TemplateManager/indexExternalLocation.jsp.
network
low complexity
canon CWE-79
6.1
6.1