Xerox
Xerox Corporation is an American corporation that sells printers, digital document products and services in more than 160 countries. Xerox was the pioneer of the photocopier market, beginning with the introduction of the Xerox 914 in 1959, so much so that the word xerox is commonly used as a synonym for photocopy. Xerox is headquartered in Norwalk, Connecticut, though it is incorporated in New York with its largest group of employees based around Rochester, New York, where the company was founded. As a large developed company, it is consistently placed in the list of Fortune 500 companies.
Products
53
- 55 CVEs
- 18 CVEs
- 18 CVEs
- 15 CVEs
- 14 CVEs
- 12 CVEs
- 9 CVEs
- 7 CVEs
- 5 CVEs
- 5 CVEs
- 5 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
119
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47555 | | Hig | 0.54 | 8.3 | 0.00 | | Oct 7, 2024 | Missing Authentication - User & System Configuration |
| CVE-2025-1984 | | Med | 0.34 | 5.2 | 0.00 | | Mar 12, 2025 | Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. |
| CVE-2008-3571 | | | 0.06 | — | 0.36 | | Aug 10, 2008 | The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. |
| CVE-2014-3138 | | | 0.03 | — | 0.03 | | May 2, 2014 | SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.… |
| CVE-2009-3913 | | | 0.03 | — | 0.03 | | Nov 9, 2009 | SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. |
| CVE-2008-5225 | | | 0.03 | — | 0.04 | | Nov 25, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under… |
| CVE-2026-2252 | | | 0.00 | — | 0.00 | | Feb 27, 2026 | An XML External Entity (XXE) vulnerability allows malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider… |
| CVE-2026-2251 | | | 0.00 | — | 0.00 | | Feb 27, 2026 | Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to… |
| CVE-2026-1769 | | | 0.00 | — | 0.00 | | Feb 6, 2026 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS. This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software… |
| CVE-2025-8356 | | | 0.00 | — | 0.15 | | Aug 8, 2025 | In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system. |
| CVE-2025-8355 | | | 0.00 | — | 0.07 | | Aug 8, 2025 | In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this results in a Server-Side Request Forgery (SSRF). |
| CVE-2024-55931 | | | 0.00 | — | 0.00 | | Jan 27, 2025 | Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to… |
| CVE-2024-55930 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files |
| CVE-2024-55929 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. |
| CVE-2024-55928 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption |
| CVE-2024-55927 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions. |
| CVE-2024-55926 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data |
| CVE-2024-55925 | | | 0.00 | — | 0.00 | | Jan 23, 2025 | In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This… |
| CVE-2024-47559 | | | 0.00 | — | 0.00 | | Oct 7, 2024 | Authenticated RCE via Path Traversal |
| CVE-2024-47558 | | | 0.00 | — | 0.00 | | Oct 7, 2024 | Authenticated RCE via Path Traversal |