XSS in Kyocera Printer - ECOSYS M2640IDW
Sep 15, 2020
--
This post describes how to exploit Cross-Site Scripting in the web panel of the Kyocera printer.
PoC - exploiting XSS on web panel
Without being authenticated, it is possible to add a new address to the “Machine Address Book”. This feature allows saving frequently used destinations.
By inserting the XSS payload in the “Name” field and saving the address, it is possible to see the result of the attack.
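The two conditions described above (an unauthenticated write, and a stored “Name” rendered without encoding) are modelled below alongside their fixes. This is an added example, not code from the printer firmware or from the original post; the `AddressBook` class, the session object, the 32-character limit and the sample entry are all assumptions made for illustration.

```javascript
// Hypothetical model of an address book; not Kyocera code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML element or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

class AddressBook {
  constructor() { this.entries = []; }

  // Fix 1: writes are rejected unless the session is authenticated.
  addEntry(session, entry) {
    if (!session || session.authenticated !== true) {
      throw new Error('authentication required');
    }
    const name = String(entry.name || '').trim();
    if (name.length === 0 || name.length > 32) { // assumed length limit
      throw new Error('invalid name');
    }
    this.entries.push({ name, address: String(entry.address || '') });
  }

  // "Before": the stored name is concatenated into markup as-is.
  renderUnsafe() {
    return this.entries.map((e) => `<tr><td>${e.name}</td><td>${e.address}</td></tr>`).join('');
  }

  // Fix 2: encode on output, so stored markup is displayed as text.
  renderSafe() {
    return this.entries
      .map((e) => `<tr><td>${escapeHtml(e.name)}</td><td>${escapeHtml(e.address)}</td></tr>`)
      .join('');
  }
}

function demo() {
  const book = new AddressBook();
  let anonymousRejected = false;
  try { book.addEntry(null, { name: 'x', address: 'y' }); } catch (e) { anonymousRejected = true; }
  // Constructed sample entry: a Name value containing markup.
  book.addEntry({ authenticated: true }, { name: '<script>alert(1)</script>', address: 'scan@example.test' });
  return { anonymousRejected, count: book.entries.length, unsafe: book.renderUnsafe(), safe: book.renderSafe() };
}
```

Output encoding is the fix that closes the XSS itself, since an authenticated user can still submit markup; the authentication check only narrows who can write to the address book.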









