2 results (0.408 seconds)

CVSS: 10.0EPSS: 1%CPEs: 22EXPL: 0

Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack vectors, aka "command injection vulnerability." Xerox WorkCentre y WorkCentre Pro v232, v238, v245, v255, v265, v275; y WorkCentre v5632, v5638, v5645, v5655, v5665, v5675, v5687, v7655, v7656, y v7675 permite a atacantes remotos ejecutar comandos de su elección a través de vectores de ataque desconocidos, también conocido como "vulnerabilidad de inyección de comando". • http://osvdb.org/54457 http://secunia.com/advisories/35101 http://www.securityfocus.com/bid/34984 http://www.securitytracker.com/id?1022238 http://www.vupen.com/english/advisories/2009/1328 http://www.xerox.com/downloads/usa/en/c/cert_XRX09-02_v1.0.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/50558 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Cross-site scripting (XSS) vulnerability in the Web Server in Xerox WorkCentre 7132, 7228, 7235, and 7245 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el servidor web en Xerox WorkCentre 7132, 7228, 7235, y 7245 permite a atacantes remotos inyectar web script o HTML a través de vectores no especificados. • http://osvdb.org/45627 http://secunia.com/advisories/30364 http://www.securityfocus.com/bid/29345 http://www.vupen.com/english/advisories/2008/1628/references http://www.xerox.com/downloads/usa/en/c/cert_XRX08_004.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/42595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •