Reflected XSS Vulnerability in Canon Oce Colorwave 500 Printer
CVE-2020-10670

6.1MEDIUM

Key Information:

Vendor: Canon
Status: Oce Colorwave 500 Firmware
Vendor: CVE Published:; 19 March 2020

What is CVE-2020-10670?

The Canon Oce Colorwave 500 printer, specifically version 4.0.0.0, has a vulnerability that allows reflected cross-site scripting through the settingId parameter on the settingDialogContent.jsp page. This security flaw could enable attackers to execute malicious scripts in the context of users interacting with the web application, potentially leading to unauthorized access or data breaches. The vulnerability has been addressed in the latest software update, making it crucial for users to upgrade to ensure security.

References

https://www.redtimmy.com/red-teaming/hacking-the-oce-colo...

x_refsource_MISC

http://packetstormsecurity.com/files/156833/Oce-Colorwave...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 19, 2020
Vulnerability Reserved
Mar 18, 2020