Home

Description

A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product.

PUBLISHED Reserved 2025-06-20 | Published 2025-06-30 | Updated 2025-06-30 | Assigner jpcert




MEDIUM: 6.1CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Problem types

Cross-site scripting (XSS)

Product status

versions 3.5.0 to 3.7.2
affected

References

www.ricoh.com/...ty/vulnerabilities/vul?id=ricoh-2025-000008

jvn.jp/en/jp/JVN24333956/

cve.org (CVE-2025-41439)

nvd.nist.gov (CVE-2025-41439)

Download JSON