Konica Minolta bizhub Cross-Site Scripting Vulnerability in Display MFP Information List Component
Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in Konica Minolta bizhub printers running versions prior to 20250202. The issue arises in the Display MFP Information List component of the device's web interface: a Model Name value saved through the interface is later rendered back into the page without being neutralized, so a value containing HTML or script executes in the browser of the user viewing the list (a stored XSS). The vulnerability can be triggered remotely over the web interface, and exploitation requires user interaction, since a victim has to view the list containing the injected entry.
Impact
An attacker who can save a crafted Model Name can have arbitrary script run in the browser of any user who views the Display MFP Information List, within the origin of the printer's web interface. That script executes with whatever session and privileges the viewing user holds on the device, which for a printer management page is typically an administrator.
Reproduction
To reproduce this vulnerability, access the web interface of the affected Konica Minolta bizhub printer (the report describes its authentication page as unprotected). Open the 'Register MFP Unit Number' feature, enter any IP address together with a model name in the text field, and save. Next open the 'Display MFP Information List' option and edit the Model Name field of that entry, replacing it with an XSS payload such as script wrapped in HTML tags. Once the change is saved, the injected script executes when the list is displayed, confirming the stored cross-site scripting vulnerability.
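The rendering mistake behind this class of stored XSS, and the output-encoding fix, as an added illustration that is not Konica Minolta's firmware code. It assumes the list page builds its HTML by concatenating the saved Model Name into the markup; the function names, the sample entries and the allowlist pattern are constructed for the example.

```javascript
// Added illustration, not Konica Minolta's firmware code. The page and field
// names mirror the advisory; the rendering logic is an assumption chosen to
// show the stored-XSS mechanism and its fix.

// Constructed sample entries: what an attacker saves via "Register MFP Unit
// Number" and then edits in "Display MFP Information List". The second and
// third Model Name values carry a text-context and an attribute-breakout payload.
const registeredUnits = [
  { ip: "192.0.2.10", modelName: "bizhub C368" },
  { ip: "192.0.2.11", modelName: "<script>alert(document.cookie)</script>" },
  { ip: "192.0.2.12", modelName: '"><img src=x onerror=alert(1)>' },
];

// Vulnerable rendering: the untrusted field is concatenated straight into HTML,
// so whatever was saved becomes live markup when the list is displayed.
function renderListVulnerable(units) {
  let html = "<table><tr><th>IP Address</th><th>Model Name</th></tr>";
  for (const u of units) {
    html += `<tr><td>${u.ip}</td><td>${u.modelName}</td></tr>`;
  }
  return html + "</table>";
}

// HTML entity escaping for text and quoted-attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: every untrusted value is escaped at output time, so a
// stored payload is shown as literal text instead of being parsed as markup.
function renderListSafe(units) {
  let html = "<table><tr><th>IP Address</th><th>Model Name</th></tr>";
  for (const u of units) {
    html += `<tr><td>${escapeHtml(u.ip)}</td><td>${escapeHtml(u.modelName)}</td></tr>`;
  }
  return html + "</table>";
}

// Defence in depth at save time: reject values that cannot be a real model
// name. The allowlist is an assumption (letters, digits, space, . _ / -).
const MODEL_NAME_RE = /^[A-Za-z0-9 ._\/-]{1,64}$/;
function isValidModelName(name) {
  return MODEL_NAME_RE.test(name);
}

// Check used to verify the fix: list every tag in the rendered HTML that is not
// part of the page template. After correct escaping, no user-supplied "<" can
// survive as a tag, so this must come back empty.
const TEMPLATE_TAGS = new Set(["table", "tr", "th", "td"]);
function foreignTags(html) {
  const found = [];
  for (const m of html.matchAll(/<\/?([A-Za-z][A-Za-z0-9]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(tag)) found.push(tag);
  }
  return found;
}
```

Running `foreignTags(renderListVulnerable(registeredUnits))` reports the injected `script` and `img` tags, while the same check on `renderListSafe` output is empty; `isValidModelName` rejects both payloads before they are ever stored, which is the layer a fix for the save path in 'Register MFP Unit Number' and the edit path in 'Display MFP Information List' would add.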
