vendor:
Aficio SP 5200S Printer
by:
Paulina Girón
5.5
CVSS
MEDIUM
Code Injection - HTML Injection
79
CWE
Product Name: Aficio SP 5200S Printer
Affected Version From: RICOH Aficio SP 5200S Printer
Affected Version To: RICOH Aficio SP 5200S Printer
Patch Exists: NO
Related CWE:
CPE: a:ricoh:aficio_sp_5200s_printer
Platforms Tested:
2020
RICOH Aficio SP 5200S Printer – ‘entryNameIn’ HTML Injection
The RICOH Aficio SP 5200S Printer is vulnerable to code injection through the 'entryNameIn' parameter in the 'adrsGetUser.cgi' HTTP POST request. An attacker can inject malicious HTML code and execute it in the context of the victim's browser.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and properly encode any user-controlled data that is displayed in HTML context. Additionally, implementing a Content Security Policy (CSP) can help prevent the execution of injected code.