Multiple Laser Printers And Mfps Which Implement Ricoh Web Image Monitor
Monthly
Reflected cross-site scripting in Ricoh Web Image Monitor allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in the browser of any user who visits a specially crafted URL pointing to the printer's web management interface. The vulnerability affects multiple Ricoh laser printer and MFP product lines that ship with Web Image Monitor, as documented by JPCERT/CC and Ricoh's own security advisory. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.
Reflected cross-site scripting in Ricoh Web Image Monitor allows unauthenticated remote attackers to inject and execute arbitrary JavaScript in the browser of any user who visits a specially crafted URL pointing to the printer's web management interface. The vulnerability affects multiple Ricoh laser printer and MFP product lines that ship with Web Image Monitor, as documented by JPCERT/CC and Ricoh's own security advisory. No public exploit has been identified at time of analysis, and active exploitation has not been confirmed by CISA KEV.