CVE-2020-25890 Information

Description

The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability discovered in the addition a new contact in \Machine Address Book. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://vitor-santos.medium.com/xss-in-kyocera-printer-ecosys-m2640idw-cf6d3bc525e3

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1