Vulnerability Description
The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canon | Oce Colorwave 500 Firmware | <= 4.0.0.0 |
| Canon | Oce Colorwave 500 | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/156833/Oce-Colorwave-500-CSRF-XSS-Authentic (Third Party Advisory, VDB Entry)
- http://seclists.org/fulldisclosure/2020/Mar/24 (Third Party Advisory)
- https://www.redtimmy.com/red-teaming/hacking-the-oce-colorwave-printer-when-a-qu (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-10668?
CVE-2020-10668 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflected XSS in /home.jsp. The vulnerable parameter is openSI. NOTE: this is fixed in the latest version.
How severe is CVE-2020-10668?
CVE-2020-10668 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-10668?
Check the references section above for vendor advisories and patch information. Affected products include: Canon Oce Colorwave 500 Firmware, Canon Oce Colorwave 500.