{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1769", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "state": "PUBLISHED", "assignerShortName": "Xerox", "dateReserved": "2026-02-02T15:52:12.797Z", "datePublished": "2026-02-06T17:19:45.450Z", "dateUpdated": "2026-02-06T18:42:12.895Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows"], "product": "CentreWare", "vendor": "Xerox", "versions": [{"lessThanOrEqual": "7.0.6", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2026-02-02T18:30:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.<p>This issue affects CentreWare: through 7.0.6.&nbsp;</p><p>Consider \nupgrading Xerox\u00ae CentreWare Web\u00ae to v7.2.2.25 via the software available on Xerox.com<br></p>"}], "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6.\u00a0\n\nConsider \nupgrading Xerox\u00ae CentreWare Web\u00ae to v7.2.2.25 via the software available on Xerox.com"}], "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2026-02-06T17:20:16.984Z"}, "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-XRX26-003-for-Xerox-CentreWare-Web.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Stored XSS on Xerox CentreWare Web 7.0.6", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-06T18:41:28.188769Z", "id": "CVE-2026-1769", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T18:42:12.895Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1769", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-06T18:41:28.188769Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-06T18:42:06.665Z"}}], "cna": {"title": "Stored XSS on Xerox CentreWare Web 7.0.6", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-592", "descriptions": [{"lang": "en", "value": "CAPEC-592 Stored XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Xerox", "product": "CentreWare", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "7.0.6"}], "platforms": ["Windows"], "defaultStatus": "affected"}], "datePublic": "2026-02-02T18:30:00.000Z", "references": [{"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-XRX26-003-for-Xerox-CentreWare-Web.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6.\u00a0\n\nConsider \nupgrading Xerox\u00ae CentreWare Web\u00ae to v7.2.2.25 via the software available on Xerox.com", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.<p>This issue affects CentreWare: through 7.0.6.&nbsp;</p><p>Consider \nupgrading Xerox\u00ae CentreWare Web\u00ae to v7.2.2.25 via the software available on Xerox.com<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "shortName": "Xerox", "dateUpdated": "2026-02-06T17:20:16.984Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1769", "state": "PUBLISHED", "dateUpdated": "2026-02-06T18:42:12.895Z", "dateReserved": "2026-02-02T15:52:12.797Z", "assignerOrgId": "10b61619-3869-496c-8a1e-f291b0e71e3f", "datePublished": "2026-02-06T17:19:45.450Z", "assignerShortName": "Xerox"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xerox:centreware_web:*:*:*:*:*:*:*:*", "matchCriteriaId": "382DF13C-043B-4D3C-A00F-E7C6EF80FD6A", "versionEndIncluding": "7.0.6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Xerox CentreWare on Windows allows Stored XSS.This issue affects CentreWare: through 7.0.6.\u00a0\n\nConsider \nupgrading Xerox\u00ae CentreWare Web\u00ae to v7.2.2.25 via the software available on Xerox.com"}], "id": "CVE-2026-1769", "lastModified": "2026-02-24T20:58:11.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 4.2, "source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-06T18:15:56.193", "references": [{"source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "tags": ["Vendor Advisory"], "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2026/02/Xerox-Security-Bulletin-XRX26-003-for-Xerox-CentreWare-Web.pdf"}], "sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "10b61619-3869-496c-8a1e-f291b0e71e3f", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T13:33:29.188901+00:00", "value": {"mitigation_remediation": ["Upgrade Xerox CentreWare Web to at least version 7.2.2.25 using the official update bundles available on Xerox.com.", "Apply input sanitization that escapes or removes script tags and other executable content from user\u2011supplied data, following standard practices for mitigating CWE\u201179.", "Restrict access to the vulnerable interfaces and monitor web traffic for anomalous activity using a web application firewall or security logging tools."], "summary": {"action": "Upgrade", "impact": "Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "Xerox CentreWare Web on Microsoft Windows operating systems is affected in all releases up to and including version 7.0.6. Any deployment of these versions that exposes the vulnerable web pages is susceptible.", "description_and_impact": "The vulnerability is an Improper Neutralization of Input During Web Page Generation flaw that permits stored cross\u2011site scripting (XSS). Attackers can insert malicious code into user\u2011controlled fields; the code is subsequently saved and rendered within the web application when other users view the affected content, causing arbitrary JavaScript to execute in those users\u2019 browsers.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate impact, while the EPSS of less than 1\u202f% points to a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely via the web interface where user input is stored; no explicit authentication or privilege prerequisites are stated, so exploitation could be possible from any user who can submit data to the vulnerable page."}}}}, "created": "2026-02-09T10:50:28.349455+00:00", "updated": "2026-04-18T13:45:45.667952+00:00", "vendors": ["xerox", "xerox$PRODUCT$centreware_web"]}