Stored XSS Vulnerability in Kyocera ECOSYS M2640IDW Printer's Web Application Allows Session Hijacking and Unwanted Actions

Stored XSS Vulnerability in Kyocera ECOSYS M2640IDW Printer's Web Application Allows Session Hijacking and Unwanted Actions

CVE-2020-25890 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions

Learn more about our Web App Pen Testing.