Vulnerabilities > Ricoh > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-07 | CVE-2022-37406 | Cross-site Scripting vulnerability in Ricoh Aficio SP 4210N Firmware Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05 allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. | 4.8 |
| 2020-01-10 | CVE-2019-14302 | Unspecified vulnerability in Ricoh products On Ricoh SP C250DN 1.06 devices, a debug port can be used. low complexity ricoh | 6.8 |
| 2019-12-26 | CVE-2019-6021 | Open Redirect vulnerability in Ricoh Limedio Open redirect vulnerability in Library Information Management System LIMEDIO all versions allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. | 6.1 |
| 2019-10-21 | CVE-2019-18203 | Cross-site Scripting vulnerability in Ricoh MP 501 Firmware On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 6.1 |
| 2019-05-14 | CVE-2019-11845 | Cross-site Scripting vulnerability in Ricoh SP 4510Dn Firmware An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | 6.1 |
| 2019-05-14 | CVE-2019-11844 | Cross-site Scripting vulnerability in Ricoh SP 4520Dn Firmware An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. | 6.1 |
| 2019-01-09 | CVE-2018-16187 | Improper Certificate Validation vulnerability in Ricoh products The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication. | 5.9 |
| 2018-09-26 | CVE-2018-17316 | Cross-site Scripting vulnerability in Ricoh MP C6003 Firmware On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 6.1 |
| 2018-09-26 | CVE-2018-17315 | Cross-site Scripting vulnerability in Ricoh MP C2003Sp Firmware On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 6.1 |
| 2018-09-26 | CVE-2018-17314 | Cross-site Scripting vulnerability in Ricoh MP 305+ Firmware On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 6.1 |