EIP-2026-101951

PRE-CVE

RICOH MP C406Z Printer - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101951. PoCs published by Ismail Tasdelen.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in the RICOH MP C406Z printer's address book feature. The HTTP POST request injects malicious HTML via the 'entryNameIn' parameter, which is then rendered in the web interface.

Description

RICOH MP C406Z Printer - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC

by Ismail Tasdelen · textwebappshardware

https://www.exploit-db.com/exploits/45490

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in the RICOH MP C406Z printer's address book feature. The HTTP POST request injects malicious HTML via the 'entryNameIn' parameter, which is then rendered in the web interface.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: RICOH MP C406Z Printer

Auth required

Prerequisites: Access to the printer's web interface · Valid session cookies

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026