Cross-Site Scripting Vulnerabilities in Xerox CentreWare Web
CVE-2008-3121

Currently unrated

Key Information:

Vendor: Xerox
Status: Centreware Web
Vendor: CVE Published:; 10 July 2008

Summary

Xerox CentreWare Web (CWW) prior to version 4.6.46 is susceptible to multiple cross-site scripting vulnerabilities. These issues allow remote authenticated users to inject arbitrary web scripts or HTML, potentially leading to unauthorized actions being executed in the context of the user’s session. The vulnerabilities arise from unspecified vectors, which could be leveraged for various malicious outcomes, highlighting the need for users to upgrade to a secure version.

References

http://www.xerox.com/downloads/usa/en/c/cert_XRX08_008.pdf

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/43671

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/30151

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Jul 10, 2008
Vulnerability Reserved
Jul 10, 2008