Vulnerabilities > Ricoh > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-12-07 CVE-2022-37406 Cross-site Scripting vulnerability in Ricoh Aficio SP 4210N Firmware
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script.
network
low complexity
ricoh CWE-79
4.8
2020-01-10 CVE-2019-14302 Unspecified vulnerability in Ricoh products
On Ricoh SP C250DN 1.06 devices, a debug port can be used.
low complexity
ricoh
6.8
2019-12-26 CVE-2019-6021 Open Redirect vulnerability in Ricoh Limedio
Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL.
network
low complexity
ricoh CWE-601
6.1
2019-10-21 CVE-2019-18203 Cross-site Scripting vulnerability in Ricoh MP 501 Firmware
On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
low complexity
ricoh CWE-79
6.1
2019-05-14 CVE-2019-11845 Cross-site Scripting vulnerability in Ricoh SP 4510Dn Firmware
An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
network
low complexity
ricoh CWE-79
6.1
2019-05-14 CVE-2019-11844 Cross-site Scripting vulnerability in Ricoh SP 4520Dn Firmware
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
network
low complexity
ricoh CWE-79
6.1
2019-01-09 CVE-2018-16187 Improper Certificate Validation vulnerability in Ricoh products
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication.
network
high complexity
ricoh CWE-295
5.9
2018-09-26 CVE-2018-17316 Cross-site Scripting vulnerability in Ricoh MP C6003 Firmware
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
low complexity
ricoh CWE-79
6.1
2018-09-26 CVE-2018-17315 Cross-site Scripting vulnerability in Ricoh MP C2003Sp Firmware
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
low complexity
ricoh CWE-79
6.1
2018-09-26 CVE-2018-17314 Cross-site Scripting vulnerability in Ricoh MP 305+ Firmware
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
low complexity
ricoh CWE-79
6.1