Vulnerabilities > Xerox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-46327 | Improper Authentication vulnerability in multiple products Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. | 5.9 |
| 2023-01-31 | CVE-2022-45897 | Cleartext Storage of Sensitive Information vulnerability in Xerox Workcentre 3550 Firmware 25.003.03.000 On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. | 6.5 |
| 2022-02-10 | CVE-2022-23321 | Cross-site Scripting vulnerability in Xerox Xmpie Ustore 12.3.7244.0 A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. | 4.8 |
| 2021-03-04 | CVE-2019-18628 | Unspecified vulnerability in Xerox products Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow a user with administrative privileges to turn off data encryption on the device, thus leaving it open to potential cryptographic information disclosure. | 4.9 |
| 2020-10-09 | CVE-2020-26162 | Cross-site Scripting vulnerability in Xerox products Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages. | 6.1 |
| 2020-03-13 | CVE-2019-13170 | Cross-Site Request Forgery (CSRF) vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement any mechanism to avoid CSRF attacks. | 6.5 |
| 2020-03-13 | CVE-2019-13167 | Cross-site Scripting vulnerability in Xerox Phaser 3320 Firmware V53.006.16.000 Multiple Stored XSS vulnerabilities were found in the Xerox Web Application, used by the Phaser 3320 V53.006.16.000 and other printers. | 6.1 |
| 2019-05-13 | CVE-2018-15530 | Cross-site Scripting vulnerability in Xerox Colorqube 8580 Firmware Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code. | 6.1 |