Vulnerabilities > Ricoh > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-26 | CVE-2018-17309 | Cross-site Scripting vulnerability in Ricoh MP C406Zspf Firmware On the RICOH MP C406Z printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-21 | CVE-2018-17002 | Cross-site Scripting vulnerability in Ricoh MP 2001Sp Firmware On the RICOH MP 2001 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-09-21 | CVE-2018-17001 | Cross-site Scripting vulnerability in Ricoh SP 4510Sf Firmware On the RICOH SP 4510SF printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi. | 4.3 |
| 2018-08-28 | CVE-2018-15884 | Cross-Site Request Forgery (CSRF) vulnerability in Ricoh MP C4504Ex Firmware RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. | 6.8 |
| 2012-09-19 | CVE-2012-5002 | Buffer Errors vulnerability in Ricoh Dl-10 and Sr10 FTP Server Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in Ricoh DC Software DL-10 4.5.0.1, when the Log file name option is enabled, allows remote attackers to execute arbitrary code via a long USER FTP command. | 6.8 |