Vulnerabilities > Ricoh > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-14 | CVE-2019-11844 | Cross-site Scripting vulnerability in Ricoh SP 4520Dn Firmware An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. | 4.3 |
| 2019-01-09 | CVE-2018-16187 | Improper Certificate Validation vulnerability in Ricoh products The RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2.2, D5510 V1.3 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.3 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) does not verify its server certificates, which allows man-in-the-middle attackers to eversdrop on encrypted communication. | 4.3 |
| 2019-01-09 | CVE-2018-16185 | Improper Input Validation vulnerability in Ricoh products RICOH Interactive Whiteboard D2200 V1.1 to V2.2, D5500 V1.1 to V2.2, D5510 V1.1 to V2.2, the display versions with RICOH Interactive Whiteboard Controller Type1 V1.1 to V2.2 attached (D5520, D6500, D6510, D7500, D8400), and the display versions with RICOH Interactive Whiteboard Controller Type2 V3.0 to V3.1.10137.0 attached (D5520, D6510, D7500, D8400) allows remote attackers to execute a malicious program. | 6.8 |
| 2018-09-26 | CVE-2018-17316 | Cross-site Scripting vulnerability in Ricoh MP C6003 Firmware On the RICOH MP C6003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-26 | CVE-2018-17315 | Cross-site Scripting vulnerability in Ricoh MP C2003Sp Firmware On the RICOH MP C2003 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-26 | CVE-2018-17314 | Cross-site Scripting vulnerability in Ricoh MP 305+ Firmware On the RICOH Aficio MP 305+ printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-26 | CVE-2018-17313 | Cross-site Scripting vulnerability in Ricoh MP C307 Firmware On the RICOH MP C307 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-26 | CVE-2018-17312 | Cross-site Scripting vulnerability in Ricoh Aficio MP 301Spf Firmware On the RICOH Aficio MP 301 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-26 | CVE-2018-17311 | Cross-site Scripting vulnerability in Ricoh MP C6503 Firmware On the RICOH MP C6503 Plus printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-26 | CVE-2018-17310 | Cross-site Scripting vulnerability in Ricoh MP C1803 JPN Firmware On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |