CVE-2008-2825
Summary
| CVE | CVE-2008-2825 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-06-23 17:41:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Xerox | Workcentre | m123 | All | All | All |
| Hardware | Xerox | Workcentre | m123 | unknown | pro | All |
| Hardware | Xerox | Workcentre | m128 | All | All | All |
| Hardware | Xerox | Workcentre | m128 | unknown | pro | All |
| Hardware | Xerox | Workcentre | m133 | All | All | All |
| Hardware | Xerox | Workcentre | m133 | unknown | pro | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Xerox WorkCentre Input Validation Hole Permits Cross-Site Scripting Attacks - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Patch |
| Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| Xerox WorkCentre Web Server Unspecified Script Insertion - Secunia Advisories - Vulnerability Intelligence - Secunia.com | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf | af854a3a-2127-422b-91ae-364da2661108 | www.xerox.com | Patch |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.