CVE-2022-41830

MEDIUM
Published Dec 5, 2022 (3y ago) · Modified Jun 17, 2026 (2w ago)
4.8 CVSS 3.1

Description

Stored cross-site scripting vulnerability in Kyocera Document Solutions MFPs and printers allows a remote authenticated attacker with an administrative privilege to inject arbitrary script. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN.

CVSS Details

Base Score: 4.8
Exploitability: 1.7
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 80

Vendor   Product                    Version  Range
kyocera  taskalfa_7550ci_firmware   *        any
kyocera  taskalfa_7550ci            *        any
kyocera  taskalfa_6550ci_firmware   *        any
kyocera  taskalfa_6550ci            *        any
kyocera  taskalfa_5550ci_firmware   *        any
kyocera  taskalfa_5550ci            *        any
kyocera  taskalfa_4550ci_firmware   *        any
kyocera  taskalfa_4550ci            *        any
kyocera  taskalfa_3550ci_firmware   *        any
kyocera  taskalfa_3550ci            *        any
kyocera  taskalfa_3050ci_firmware   *        any
kyocera  taskalfa_3050ci            *        any
kyocera  taskalfa_255c_firmware     *        any
kyocera  taskalfa_255c              *        any
kyocera  taskalfa_205c_firmware     *        any
kyocera  taskalfa_205c              *        any
kyocera  taskalfa_256ci_firmware    *        any
kyocera  taskalfa_256ci             *        any
kyocera  taskalfa_206ci_firmware    *        any
kyocera  taskalfa_206ci             *        any
kyocera  ecosys_m6526cdn_firmware   *        any
kyocera  ecosys_m6526cdn            *        any
kyocera  ecosys_m6526cidn_firmware  *        any
kyocera  ecosys_m6526cidn           *        any
kyocera  fs-c2126mfp_firmware       *        any
kyocera  fs-c2126mfp                *        any
kyocera  fs-c2126mfp\+_firmware     *        any
kyocera  fs-c2126mfp\+              *        any
kyocera  fs-c2026mfp_firmware       *        any
kyocera  fs-c2026mfp                *        any
kyocera  taskalfa_8000i_firmware    *        any
kyocera  taskalfa_8000i             *        any
kyocera  taskalfa_6500i_firmware    *        any
kyocera  taskalfa_6500i             *        any
kyocera  taskalfa_5500i_firmware    *        any
kyocera  taskalfa_5500i             *        any
kyocera  taskalfa_4500i_firmware    *        any
kyocera  taskalfa_4500i             *        any
kyocera  taskalfa_3500i_firmware    *        any
kyocera  taskalfa_3500i             *        any
kyocera  taskalfa_305_firmware      *        any
kyocera  taskalfa_305               *        any
kyocera  taskalfa_255_firmware      *        any
kyocera  taskalfa_255               *        any
kyocera  taskalfa_306i_firmware     *        any
kyocera  taskalfa_306i              *        any
kyocera  taskalfa_256i_firmware     *        any
kyocera  taskalfa_256i              *        any
kyocera  ls-3140mfp_firmware        *        any
kyocera  ls-3140mfp                 *        any
kyocera  ls-3140mfp\+_firmware      *        any
kyocera  ls-3140mfp\+               *        any
kyocera  ls-3640mfp_firmware        *        any
kyocera  ls-3640mfp                 *        any
kyocera  ecosys_m2535dn_firmware    *        any
kyocera  ecosys_m2535dn             *        any
kyocera  ls-1135mfp_firmware        *        any
kyocera  ls-1135mfp                 *        any
kyocera  ls-1035mfp_firmware        *        any
kyocera  ls-1035mfp                 *        any
kyocera  ls-c8650dn_firmware        *        any
kyocera  ls-c8650dn                 *        any
kyocera  ls-c8600dn_firmware        *        any
kyocera  ls-c8600dn                 *        any
kyocera  ecosys_p6026cdn_firmware   *        any
kyocera  ecosys_p6026cdn            *        any
kyocera  fs-c5250dn_firmware        *        any
kyocera  fs-c5250dn                 *        any
kyocera  ls-4300dn_firmware         *        any
kyocera  ls-4300dn                  *        any
kyocera  ls-4200dn_firmware         *        any
kyocera  ls-4200dn                  *        any
kyocera  ls-2100dn_firmware         *        any
kyocera  ls-2100dn                  *        any
kyocera  ecosys_p4040dn_firmware    *        any
kyocera  ecosys_p4040dn             *        any
kyocera  ecosys_p2135dn_firmware    *        any
kyocera  ecosys_p2135dn             *        any
kyocera  fs-1370dn_firmware         *        any
kyocera  fs-1370dn                  *        any

References 3

  • jvn.jp https://jvn.jp/en/jp/JVN46345126/index.html
    Vendor Advisory
  • kyoceradocumentsolutions.co.jp https://www.kyoceradocumentsolutions.co.jp/support/information/info_20221101.html
    Mitigation, Vendor Advisory
  • kyoceradocumentsolutions.com https://www.kyoceradocumentsolutions.com/en/our-business/security/information/2022-11-01.html
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.