Cross-Site Scripting (XSS) Vulnerability

Security Announcement ― Cross-Site Scripting (XSS) Vulnerability in KYOCERA Command Center on MFPs/Printers

Japan, July 14, 2014 – KYOCERA Document Solutions Inc., announced a Cross-Site scripting (XSS) vulnerability was found in the KYOCERA Command Center* (hereinafter referred to as Command Center) that is installed in the MFPs and Printers mentioned below.

*Note: KYOCERA Command Center refers to the web server that is installed in the MFPs/Printers from which you can verify the operating status of the machine and make settings related to security, network printing, email transmission and advanced networking.


A malicious attacker could cause arbitrary scripting code to be executed on the client-side web browser when the user is accessing the Command Center.

To avoid such an effect, please do not access other websites when accessing the Command Center.

Products

Monochrome MFPs

  • ECOSYS FS-3640MFP / 3540MFP
  • ECOSYS FS-6030MFP / 6025MFP
  • ECOSYS FS-3640MFP
  • TASKalfa 305 / 255

Color MFPs

  • ECOSYS FS- C2626MFP / C2526MFP
  • ECOSYS FS- C2126MFP+ / C2026MFP+ / C2126MFP / C2026MFP
  • ECOSYS FS- C8025MFP / C8020MFP
  • TASKalfa 265ci / 255c / 205c

Color Printers

  • ECOSYS FS-C5150DN / C5250D

Please contact us for further information.