Xerox WorkCentre Web Server Unspecified Script Insertion - Advisories - Secunia

Reportedly, the web server built into Xerox WorkCentre devices does not sanitise input properly, which makes it possible to embed arbitrary HTML and script.

Certain unspecified input in the Web Server is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is then executed in a user's browser session in context of an affected site when a malicious page is viewed.

The vulnerability affects the following versions:

  • WorkCentre 7132
  • WorkCentre 7228
  • WorkCentre 7235
  • WorkCentre 7245
