Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-delivered reflected XSS requiring user interaction (UI:R); scope changes to browser (S:C); low C and I on browser context only, no availability impact.
Primary rating from Vendor (jpcert).
CVSS VectorVendor: jpcert
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the web browser of the user who accesses Web Image Monitor.
AnalysisAI
Reflected cross-site scripting in Ricoh Web Image Monitor allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in the browser of any user who visits a specially crafted URL pointing to the printer's web management interface. The vulnerability affects multiple Ricoh laser printer and MFP product lines that ship with Web Image Monitor, as documented by JPCERT/CC and Ricoh's own security advisory. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The Web Image Monitor web management interface must be network-accessible from the attacker's position - either over the internet (if publicly exposed) or from an internal network segment with access to the printer's management IP. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.1 (Medium) is broadly consistent with the actual risk profile of this vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a Ricoh printer with an internet- or intranet-exposed Web Image Monitor interface, crafts a URL containing a reflected XSS payload in a vulnerable query parameter, and delivers it to a printer administrator or regular user via phishing email or a malicious web page. When the target clicks the link and their browser loads the Web Image Monitor page, the injected script executes in the context of the printer's management interface, potentially stealing the user's session cookie or performing authenticated management actions on their behalf. … |
| Remediation | Consult the Ricoh security advisory at https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2026-000005 for the exact patched firmware versions applicable to each affected model and apply the vendor-released firmware update. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40255
GHSA-wvcg-328f-hx5j