CVE-2008-2825

Summary

CVE	CVE-2008-2825
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2008-06-23 17:41:00 UTC
Updated	2017-08-08 01:31:00 UTC
Description	Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Xerox	Workcentre	m123	All	All	All
Hardware	Xerox	Workcentre	m123	unknown	pro	All
Hardware	Xerox	Workcentre	m128	All	All	All
Hardware	Xerox	Workcentre	m128	unknown	pro	All
Hardware	Xerox	Workcentre	m133	All	All	All
Hardware	Xerox	Workcentre	m133	unknown	pro	All
Hardware	Xerox	Workcentre	m123	All	All	All
Hardware	Xerox	Workcentre	m123	unknown	pro	All
Hardware	Xerox	Workcentre	m128	All	All	All
Hardware	Xerox	Workcentre	m128	unknown	pro	All
Hardware	Xerox	Workcentre	m133	All	All	All
Hardware	Xerox	Workcentre	m133	unknown	pro	All

References

Reference	Source	Link	Tags
Xerox WorkCentre Input Validation Hole Permits Cross-Site Scripting Attacks - SecurityTracker	SECTRACK	www.securitytracker.com	Patch
Xerox WorkCentre Web Server Unspecified Script Insertion - Secunia Advisories - Vulnerability Intelligence - Secunia.com	SECUNIA	secunia.com	Vendor Advisory
Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability	BID	www.securityfocus.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com
www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf	CONFIRM	www.xerox.com	Patch
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.