Xerox WorkCentre Web Server Unspecified Script Insertion - Advisories - Secunia
XeroxのWorkCentreに入っているWebサーバでサニタイズがうまく行われていないために任意のHTMLとスクリプトを埋め込むことが出来るそうです。
Certain unspecified input in the Web Server is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is then executed in a user's browser session in context of an affected site when a malicious page is viewed.
The vulnerability affects the following versions:
- WorkCentre 7132
- WorkCentre 7228
- WorkCentre 7235
- WorkCentre 7245