{"api_version":"1","generated_at":"2026-07-05T04:09:03+00:00","cve":"CVE-2008-2825","urls":{"html":"https://cve.report/CVE-2008-2825","api":"https://cve.report/api/cve/CVE-2008-2825.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-2825","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-2825"},"summary":{"title":"CVE-2008-2825","description":"Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-06-23 17:41:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securitytracker.com/id?1020280","name":"http://www.securitytracker.com/id?1020280","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Xerox WorkCentre Input Validation Hole Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/29689","name":"http://www.securityfocus.com/bid/29689","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Xerox WorkCentre Webserver Unspecified HTML Injection Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2008/1830/references","name":"http://www.vupen.com/english/advisories/2008/1830/references","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/30669","name":"http://secunia.com/advisories/30669","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Xerox WorkCentre Web Server Unspecified Script Insertion - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf","name":"http://www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"application/pdf","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43061","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43061","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-2825","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-2825","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"2825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"xerox","cpe5":"workcentre","cpe6":"m123","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"xerox","cpe5":"workcentre","cpe6":"m123","cpe7":"unknown","cpe8":"pro","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"xerox","cpe5":"workcentre","cpe6":"m128","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"xerox","cpe5":"workcentre","cpe6":"m128","cpe7":"unknown","cpe8":"pro","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"xerox","cpe5":"workcentre","cpe6":"m133","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"2825","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"xerox","cpe5":"workcentre","cpe6":"m133","cpe7":"unknown","cpe8":"pro","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T09:14:14.693Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"30669","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/30669"},{"name":"29689","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/29689"},{"name":"ADV-2008-1830","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/1830/references"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf"},{"name":"1020280","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1020280"},{"name":"workcentre-webserver-xss(43061)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43061"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-06-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"30669","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/30669"},{"name":"29689","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/29689"},{"name":"ADV-2008-1830","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/1830/references"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf"},{"name":"1020280","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1020280"},{"name":"workcentre-webserver-xss(43061)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43061"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-2825","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"30669","refsource":"SECUNIA","url":"http://secunia.com/advisories/30669"},{"name":"29689","refsource":"BID","url":"http://www.securityfocus.com/bid/29689"},{"name":"ADV-2008-1830","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/1830/references"},{"name":"http://www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf","refsource":"CONFIRM","url":"http://www.xerox.com/downloads/usa/en/c/cert_XRX08_005.pdf"},{"name":"1020280","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1020280"},{"name":"workcentre-webserver-xss(43061)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/43061"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-2825","datePublished":"2008-06-23T17:00:00.000Z","dateReserved":"2008-06-23T00:00:00.000Z","dateUpdated":"2024-08-07T09:14:14.693Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-06-23 17:41:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:xerox:workcentre:m123:*:*:*:*:*:*:*","matchCriteriaId":"3810671F-9985-49E1-8706-8439BDE51DCD"},{"vulnerable":true,"criteria":"cpe:2.3:h:xerox:workcentre:m123:unknown:pro:*:*:*:*:*","matchCriteriaId":"E6A007EB-D8A0-4391-9C38-CEA878C3C1B9"},{"vulnerable":true,"criteria":"cpe:2.3:h:xerox:workcentre:m128:*:*:*:*:*:*:*","matchCriteriaId":"80270025-8B0E-451B-ACAA-DD30CA8C25AE"},{"vulnerable":true,"criteria":"cpe:2.3:h:xerox:workcentre:m128:unknown:pro:*:*:*:*:*","matchCriteriaId":"7687A27D-54A7-4B68-BE83-A0C077882F33"},{"vulnerable":true,"criteria":"cpe:2.3:h:xerox:workcentre:m133:*:*:*:*:*:*:*","matchCriteriaId":"32EFB35D-ED35-4F19-A593-F555DB2D3637"},{"vulnerable":true,"criteria":"cpe:2.3:h:xerox:workcentre:m133:unknown:pro:*:*:*:*:*","matchCriteriaId":"624A67F3-8EF4-4BEB-A8D2-3942EBF1FA34"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"2825","Ordinal":"1","Title":"CVE-2008-2825","CVE":"CVE-2008-2825","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"2825","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":"CVE-2008-2825"},{"CveYear":"2008","CveId":"2825","Ordinal":"2","NoteData":"2008-06-23","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"2825","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}