Title: Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability
Severity: MODERATE
Description:
Xerox WorkCentre is a web-capable printer and photocopier.
WorkCentre is prone to an unspecified HTML-injection vulnerability because it fails to sanitize user-supplied input. An attacker can exploit this issue to inject malicious script code into the application. The vulnerability occurs in the Web Server.
Technical details are currently unavailable. We will update this BID as soon as more information emerges.
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
The following Xerox WorkCentre versions are affected:
WorkCentre M123
WorkCentre M128
WorkCentre 133
WorkCentre Pro 122
WorkCentre Pro 128
WorkCentre Pro 133
Affected Products:
- Xerox WorkCentre 133
- Xerox WorkCentre M123
- Xerox WorkCentre M128
- Xerox WorkCentre Pro 123
- Xerox WorkCentre Pro 128
- Xerox WorkCentre Pro 133
References:
- Xerox: Xerox Homepage
- Xerox: Xerox Security Bulletin XRX08-005
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
