ID

VAR-201910-0880


CVE

CVE-2019-18203


TITLE

RICOH MP 501 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-37877 // CNNVD: CNNVD-201910-1271

DESCRIPTION

On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameters to /web/entry/en/address/adrsSetUserWizard.cgi. The RICOH MP 501 printer contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. The RICOH MP 501 is a printer from the Japanese company RICOH. The vulnerability stems from the lack of proper verification of client data by web applications. Attackers can use this vulnerability to execute client code.

Trust: 2.16

sources: NVD: CVE-2019-18203 // JVNDB: JVNDB-2019-011216 // CNVD: CNVD-2019-37877

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-37877

AFFECTED PRODUCTS

vendor: ricoh, model: mp 501, scope: eq, version: -

Trust: 2.2

vendor: ricoh, model: mp 501, scope: -, version: -

Trust: 0.8

vendor: ricoh, model: mp, scope: eq, version: 501

Trust: 0.6

sources: CNVD: CNVD-2019-37877 // JVNDB: JVNDB-2019-011216 // CNNVD: CNNVD-201910-1271 // NVD: CVE-2019-18203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18203
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-18203
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-37877
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201910-1271
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18203
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-37877
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18203
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2019-18203
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-37877 // JVNDB: JVNDB-2019-011216 // CNNVD: CNNVD-201910-1271 // NVD: CVE-2019-18203

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2019-011216 // NVD: CVE-2019-18203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201910-1271

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201910-1271

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011216

PATCH

title: Top Page, url: https://www.ricoh.com/

Trust: 0.8

sources: JVNDB: JVNDB-2019-011216

EXTERNAL IDS

db: NVD, id: CVE-2019-18203

Trust: 3.0

db: JVNDB, id: JVNDB-2019-011216

Trust: 0.8

db: CNVD, id: CNVD-2019-37877

Trust: 0.6

db: CNNVD, id: CNNVD-201910-1271

Trust: 0.6

sources: CNVD: CNVD-2019-37877 // JVNDB: JVNDB-2019-011216 // CNNVD: CNNVD-201910-1271 // NVD: CVE-2019-18203

REFERENCES

url: https://medium.com/zero2flag/cve-2019-18203-bfa65918e591

Trust: 3.0

url: https://nvd.nist.gov/vuln/detail/cve-2019-18203

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18203

Trust: 0.8

sources: CNVD: CNVD-2019-37877 // JVNDB: JVNDB-2019-011216 // CNNVD: CNNVD-201910-1271 // NVD: CVE-2019-18203

SOURCES

db: CNVD, id: CNVD-2019-37877
db: JVNDB, id: JVNDB-2019-011216
db: CNNVD, id: CNNVD-201910-1271
db: NVD, id: CVE-2019-18203

LAST UPDATE DATE

2024-11-23T22:41:19.471000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-37877, date: 2019-10-29T00:00:00
db: JVNDB, id: JVNDB-2019-011216, date: 2019-10-30T00:00:00
db: CNNVD, id: CNNVD-201910-1271, date: 2019-10-25T00:00:00
db: NVD, id: CVE-2019-18203, date: 2024-11-21T04:32:49.453

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-37877, date: 2019-10-29T00:00:00
db: JVNDB, id: JVNDB-2019-011216, date: 2019-10-30T00:00:00
db: CNNVD, id: CNNVD-201910-1271, date: 2019-10-21T00:00:00
db: NVD, id: CVE-2019-18203, date: 2019-10-21T18:15:10.617