CVE-2022-41830

EPSS 0.09%
Veröffentlicht 05.12.2022 04:15:10
Zuletzt bearbeitet 24.04.2025 15:15:49
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kyocera ≫ Taskalfa 7550ci Firmware Version-

Kyocera ≫ Taskalfa 7550ci Version-

Kyocera ≫ Taskalfa 6550ci Firmware Version-

Kyocera ≫ Taskalfa 6550ci Version-

Kyocera ≫ Taskalfa 5550ci Firmware Version-

Kyocera ≫ Taskalfa 5550ci Version-

Kyocera ≫ Taskalfa 4550ci Firmware Version-

Kyocera ≫ Taskalfa 4550ci Version-

Kyocera ≫ Taskalfa 3550ci Firmware Version-

Kyocera ≫ Taskalfa 3550ci Version-

Kyocera ≫ Taskalfa 3050ci Firmware Version-

Kyocera ≫ Taskalfa 3050ci Version-

Kyocera ≫ Taskalfa 255c Firmware Version-

Kyocera ≫ Taskalfa 255c Version-

Kyocera ≫ Taskalfa 205c Firmware Version-

Kyocera ≫ Taskalfa 205c Version-

Kyocera ≫ Taskalfa 256ci Firmware Version-

Kyocera ≫ Taskalfa 256ci Version-

Kyocera ≫ Taskalfa 206ci Firmware Version-

Kyocera ≫ Taskalfa 206ci Version-

Kyocera ≫ Ecosys M6526cdn Firmware Version-

Kyocera ≫ Ecosys M6526cdn Version-

Kyocera ≫ Ecosys M6526cidn Firmware Version-

Kyocera ≫ Ecosys M6526cidn Version-

Kyocera ≫ Fs-c2126mfp Firmware Version-

Kyocera ≫ Fs-c2126mfp Version-

Kyocera ≫ Fs-c2026mfp Firmware Version-

Kyocera ≫ Fs-c2026mfp Version-

Kyocera ≫ Taskalfa 8000i Firmware Version-

Kyocera ≫ Taskalfa 8000i Version-

Kyocera ≫ Taskalfa 6500i Firmware Version-

Kyocera ≫ Taskalfa 6500i Version-

Kyocera ≫ Taskalfa 5500i Firmware Version-

Kyocera ≫ Taskalfa 5500i Version-

Kyocera ≫ Taskalfa 4500i Firmware Version-

Kyocera ≫ Taskalfa 4500i Version-

Kyocera ≫ Taskalfa 3500i Firmware Version-

Kyocera ≫ Taskalfa 3500i Version-

Kyocera ≫ Taskalfa 305 Firmware Version-

Kyocera ≫ Taskalfa 305 Version-

Kyocera ≫ Taskalfa 255 Firmware Version-

Kyocera ≫ Taskalfa 255 Version-

Kyocera ≫ Taskalfa 306i Firmware Version-

Kyocera ≫ Taskalfa 306i Version-

Kyocera ≫ Taskalfa 256i Firmware Version-

Kyocera ≫ Taskalfa 256i Version-

Kyocera ≫ Ls-3140mfp Firmware Version-

Kyocera ≫ Ls-3140mfp Version-

Kyocera ≫ Ls-3640mfp Firmware Version-

Kyocera ≫ Ls-3640mfp Version-

Kyocera ≫ Ecosys M2535dn Firmware Version-

Kyocera ≫ Ecosys M2535dn Version-

Kyocera ≫ Ls-1135mfp Firmware Version-

Kyocera ≫ Ls-1135mfp Version-

Kyocera ≫ Ls-1035mfp Firmware Version-

Kyocera ≫ Ls-1035mfp Version-

Kyocera ≫ Ls-c8650dn Firmware Version-

Kyocera ≫ Ls-c8650dn Version-

Kyocera ≫ Ls-c8600dn Firmware Version-

Kyocera ≫ Ls-c8600dn Version-

Kyocera ≫ Ecosys P6026cdn Firmware Version-

Kyocera ≫ Ecosys P6026cdn Version-

Kyocera ≫ Fs-c5250dn Firmware Version-

Kyocera ≫ Fs-c5250dn Version-

Kyocera ≫ Ls-4300dn Firmware Version-

Kyocera ≫ Ls-4300dn Version-

Kyocera ≫ Ls-4200dn Firmware Version-

Kyocera ≫ Ls-4200dn Version-

Kyocera ≫ Ls-2100dn Firmware Version-

Kyocera ≫ Ls-2100dn Version-

Kyocera ≫ Ecosys P4040dn Firmware Version-

Kyocera ≫ Ecosys P4040dn Version-

Kyocera ≫ Ecosys P2135dn Firmware Version-

Kyocera ≫ Ecosys P2135dn Version-

Kyocera ≫ Fs-1370dn Firmware Version-

Kyocera ≫ Fs-1370dn Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.249

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://jvn.jp/en/jp/JVN46345126/index.html

Vendor Advisory

https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html

Vendor Advisory

Mitigation

https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-41830

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41830

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41830

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-41830