CVE-2019-25324

MEDIUM

RICOH Web Image Monitor 1.09 - XSS

Title source: llm

Description

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling cross-site scripting attacks.

Exploits (1)

exploitdb WORKING POC

by Ismail Tasdelen · textwebappshardware

https://www.exploit-db.com/exploits/47827

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/47827

[Various Sources] https://www.ricoh.com/

[Various Sources] http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html

[Third Party Advisory] https://www.vulncheck.com/advisories/ricoh-web-image-monitor-html-injection

Scores

CVSS v3 6.1

EPSS 0.0004

EPSS Percentile 12.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

RICOH/RICOH Web Image Monitor 1.09

Published Feb 12, 2026

Tracked Since Feb 18, 2026