Cross-Site Scripting (XSS) Vulnerability in KYOCERA Command Center on MFPs/Printers
July 24st, 2014
the vulnerability was found in the KYOCERA Command Center* (hereinafter referred to as Command Center) installed in below MFPs and Printers.
*Note: KYOCERA Command Center refers to the web home page that is installed in the MFP/Printer from which you can verify the operating status of the machine and make settings related to security, network printing, e-mail transmission and advanced networking.
A malicious attacker could cause arbitrary scripting code to be executed on the client-side web browser while the user is accessing the Command Center.
To avoid such an effect, please do not access other web sites when accessing the Command Center.
- ECOSYS FS-3640MFP / 3540MFP
- ECOSYS FS-6030MFP / 6025MFP
- ECOSYS FS- C2626MFP / C2526MFP
- ECOSYS FS- C2126MFP+ / C2026MFP+ / C2126MFP / C2026MFP
- ECOSYS FS- C8025MFP / C8020MFP
- TASKalfa 265ci
- ECOSYS FS-C5150DN / C5250DN