Xerox

Xerox Corporation is an American corporation that sells printers, digital document products and services in more than 160 countries. Xerox was the pioneer of the photocopier market, beginning with the introduction of the Xerox 914 in 1959, so much so that the word xerox is commonly used as a synonym for photocopy. Xerox is headquartered in Norwalk, Connecticut, though it is incorporated in New York with its largest group of employees based around Rochester, New York, where the company was founded. As a large developed company, it is consistently placed in the list of Fortune 500 companies.

Founded: 1906
Products: 53
CVEs: 119
Across products: 227
Status: Private

Products

53

Recent CVEs

119
  • CVE-2024-47555 | High | Oct 7, 2024
    risk 0.54 | cvss 8.3 | epss 0.00

    Missing Authentication - User & System Configuration

  • CVE-2025-1984 | Medium | Mar 12, 2025
    risk 0.34 | cvss 5.2 | epss 0.00

    Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access.

  • CVE-2008-3571 | Aug 10, 2008
    risk 0.06 | cvss n/a | epss 0.36

    The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900.

  • CVE-2014-3138 | May 2, 2014
    risk 0.03 | cvss n/a | epss 0.03

    SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/.…

  • CVE-2009-3913 | Nov 9, 2009
    risk 0.03 | cvss n/a | epss 0.03

    SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.

  • CVE-2008-5225 | Nov 25, 2008
    risk 0.03 | cvss n/a | epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare 6 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under (1) SearchResults/ and (2) Services/ in dsdn/dsweb/, and (3) the default URI under…

  • CVE-2026-2252 | Feb 27, 2026
    risk 0.00 | cvss n/a | epss 0.00

    An XML External Entity (XXE) vulnerability allows a malicious user to perform Server-Side Request Forgery (SSRF) via crafted XML input containing malicious external entity references. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider…

  • CVE-2026-2251 | Feb 27, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Improper limitation of a pathname to a restricted directory (Path Traversal) vulnerability in Xerox FreeFlow Core allows unauthorized path traversal leading to RCE. This issue affects Xerox FreeFlow Core versions up to and including 8.0.7. Please consider upgrading to…

  • CVE-2026-1769 | Feb 6, 2026
    risk 0.00 | cvss n/a | epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS. This issue affects CentreWare: through 7.0.6. Consider upgrading Xerox® CentreWare Web® to v7.2.2.25 via the software…

  • CVE-2025-8356 | Aug 8, 2025
    risk 0.00 | cvss n/a | epss 0.15

    In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution (RCE), allowing the attacker to run arbitrary commands on the system.

  • CVE-2025-8355 | Aug 8, 2025
    risk 0.00 | cvss n/a | epss 0.07

    In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs; this results in a Server-Side Request Forgery (SSRF).

  • CVE-2024-55931 | Jan 27, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future release of Workplace Suite, and customers will be notified through an update to…

  • CVE-2024-55930 | Jan 23, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files.

  • CVE-2024-55929 | Jan 23, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources.

  • CVE-2024-55928 | Jan 23, 2025
    risk 0.00 | cvss n/a | epss 0.00

    Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption.

  • CVE-2024-55927 | Jan 23, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading to unauthorized access to sensitive functions.

  • CVE-2024-55926 | Jan 23, 2025
    risk 0.00 | cvss n/a | epss 0.00

    A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validation of headers, attackers can gain unauthorized access to data.

  • CVE-2024-55925 | Jan 23, 2025
    risk 0.00 | cvss n/a | epss 0.00

    In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This…

  • CVE-2024-47559 | Oct 7, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Authenticated RCE via Path Traversal

  • CVE-2024-47558 | Oct 7, 2024
    risk 0.00 | cvss n/a | epss 0.00

    Authenticated RCE via Path Traversal