An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is then reflected back to the end user and executed by the web browser.
References
Link | Resource |
---|---|
https://www.gruppotim.it/it/footer/red-team.html | Exploit Vendor Advisory |
https://www.gruppotim.it/it/footer/red-team.html | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 06:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.gruppotim.it/it/footer/red-team.html - Exploit, Vendor Advisory |
12 May 2022, 20:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:kyocera:d-color_mf3555_firmware:2xd_s000.002.271:*:*:*:*:*:*:* |
cpe:2.3:o:olivetti:d-color_mf3555_firmware:2xd_s000.002.271:*:*:*:*:*:*:* cpe:2.3:h:olivetti:d-color_mf3555:-:*:*:*:*:*:*:* |
References | (MISC) https://www.gruppotim.it/it/footer/red-team.html - Exploit, Vendor Advisory |
11 May 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 May 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn't properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is then reflected back to the end user and executed by the web browser. |
28 Apr 2022, 15:44
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.gruppotim.it/it/footer/red-team.html - Exploit, Third Party Advisory | |
References | (MISC) https://kyocera.com - Vendor Advisory | |
CWE | CWE-79 | |
CPE | cpe:2.3:h:kyocera:d-color_mf3555:-:*:*:*:*:*:*:* cpe:2.3:o:kyocera:d-color_mf3555_firmware:2xd_s000.002.271:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
20 Apr 2022, 13:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-04-20 13:15
Updated : 2024-11-21 06:52
NVD link : CVE-2022-25344
Mitre link : CVE-2022-25344
CVE.ORG link : CVE-2022-25344
JSON object : View
Products Affected
olivetti
- d-color_mf3555_firmware
- d-color_mf3555
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')