CVE-2019-25324 | THREATINT

Description

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.

PUBLISHED Reserved 2026-02-12 | Published 2026-02-12 | Updated 2026-02-13 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

MEDIUM: 6.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

1.09

affected

Credits

Ismail Tasdelen finder

References

www.exploit-db.com/exploits/47827 (ExploitDB-47827) exploit

www.ricoh.com/ (Official Vendor Homepage) product

support-download.com/...bhlp/nb/gen/v140cc1/en/p_top010.html (Hardware Support Link) product

www.vulncheck.com/.../ricoh-web-image-monitor-html-injection (VulnCheck Advisory: RICOH Web Image Monitor 1.09 - HTML Injection) third-party-advisory

cve.org (CVE-2019-25324)

nvd.nist.gov (CVE-2019-25324)

Download JSON