Vulnerabilities > Ricoh > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-14 CVE-2019-11844 Cross-site Scripting vulnerability in Ricoh SP 4520Dn Firmware
An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter.
network
ricoh CWE-79
4.3
2019-01-09 CVE-2018-16187 Improper Certificate Validation vulnerability in Ricoh products
The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication.
network
ricoh CWE-295
4.3
2019-01-09 CVE-2018-16185 Improper Input Validation vulnerability in Ricoh products
RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program.
network
ricoh CWE-20
6.8
2018-09-26 CVE-2018-17316 Cross-site Scripting vulnerability in Ricoh MP C6003 Firmware
On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3
2018-09-26 CVE-2018-17315 Cross-site Scripting vulnerability in Ricoh MP C2003Sp Firmware
On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3
2018-09-26 CVE-2018-17314 Cross-site Scripting vulnerability in Ricoh MP 305+ Firmware
On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3
2018-09-26 CVE-2018-17313 Cross-site Scripting vulnerability in Ricoh MP C307 Firmware
On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3
2018-09-26 CVE-2018-17312 Cross-site Scripting vulnerability in Ricoh Aficio MP 301Spf Firmware
On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3
2018-09-26 CVE-2018-17311 Cross-site Scripting vulnerability in Ricoh MP C6503 Firmware
On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3
2018-09-26 CVE-2018-17310 Cross-site Scripting vulnerability in Ricoh MP C1803 JPN Firmware
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
network
ricoh CWE-79
4.3