
XEROX — Vulnerabilities & Security Advisories (23)

Browse all 23 CVE security advisories affecting XEROX. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Xerox Corporation operates primarily as a provider of document management technologies, including multifunction printers and enterprise software solutions. With twenty-three recorded Common Vulnerabilities and Exposures (CVEs), the company’s historical attack surface has frequently involved remote code execution, cross-site scripting, and privilege escalation flaws within its web-based management interfaces and embedded firmware. These vulnerabilities often stem from insufficient input validation and weak authentication mechanisms in legacy systems. While no catastrophic data breaches have defined its public security history, the persistent presence of critical flaws in network-connected devices highlights ongoing challenges in securing embedded Linux environments. Security researchers continue to identify risks in Xerox’s document workflow software, emphasizing the need for rigorous patch management and network segmentation to mitigate potential exploitation by threat actors targeting enterprise infrastructure.

| CVE ID | Title — Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-2252 | XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF) — FreeFlow Core | CWE-611 | 7.5 | High | 2026-02-27 |
| CVE-2026-2251 | Path Traversal leading to Remote Code Execution (RCE) — FreeFlow Core | CWE-22 | 9.8 | Critical | 2026-02-27 |
| CVE-2026-1769 | Stored XSS on Xerox CentreWare Web 7.0.6 — CentreWare | CWE-79 | 5.3 | Medium | 2026-02-06 |
| CVE-2025-8356 | Path Traversal leading to RCE — FreeFlow Core | CWE-22 | 9.8 | Critical | 2025-08-08 |
| CVE-2025-8355 | XXE leading to SSRF — FreeFlow Core | CWE-611 | 7.5 | High | 2025-08-08 |
| CVE-2025-1984 | Local Privilege Escalation on Xerox® Desktop Print Experience® v8.5 — Xerox® Desktop Print Experience | CWE-428 | 5.2 | Medium | 2025-03-12 |
| CVE-2024-12511 | SMB/FTP Address Book Scan Pass-back attack — Versalink B400 | CWE-306 | 7.6 | High | 2025-02-03 |
| CVE-2024-12510 | LDAP Authentication Server Pass-back attack — Versalink B400 | CWE-287 | 6.7 | Medium | 2025-02-03 |
| CVE-2024-55931 | Token stored in session storage — Xerox Workplace Suite | CWE-922 | 6.5 | Medium | 2025-01-27 |
| CVE-2024-55930 | Weak default folder permissions — Xerox Workplace Suite | CWE-276 | 6.7 | Medium | 2025-01-23 |
| CVE-2024-55929 | Mail spoofing — Xerox Workplace Suite | CWE-345 | 5.3 | Medium | 2025-01-23 |
| CVE-2024-55928 | Clear text secrets returned & Remote system secrets in clear text — Xerox Workplace Suite | CWE-312 | 6.5 | Medium | 2025-01-23 |
| CVE-2024-55927 | Flawed token generation implementation & Hard-coded key implementation — Xerox Workplace Suite | CWE-798 | 7.6 | High | 2025-01-23 |
| CVE-2024-55926 | Arbitrary file upload, deletion and read through header manipulation — Xerox Workplace Suite | CWE-434 | 7.6 | High | 2025-01-23 |
| CVE-2024-55925 | API Security bypass through header manipulation — Xerox Workplace Suite | CWE-290 | 7.5 | High | 2025-01-23 |
| CVE-2024-6333 | Authenticated Remote Code Execution in Altalink, Versalink & WorkCentre Products — AltaLink® B8045 / B8055 / B8065 / B8075 / B8090 \| C8030 / C8035 / C8045 / C8055 / C807 | CWE-78 | 7.2 | High | 2024-10-17 |
| CVE-2024-47559 | Authenticated RCE via Path Traversal — FreeFlow Core | CWE-22 | 7.6 | High | 2024-10-07 |
| CVE-2024-47558 | Authenticated RCE via Path Traversal — FreeFlow Core | CWE-22 | 7.6 | High | 2024-10-07 |
| CVE-2024-47557 | Pre-Auth RCE via Path Traversal — FreeFlow Core | CWE-22 | 8.3 | High | 2024-10-07 |
| CVE-2024-47556 | Pre-Auth RCE via Path Traversal — FreeFlow Core | CWE-22 | 8.3 | High | 2024-10-07 |
| CVE-2024-47555 | Missing Authentication - User & System Configuration — FreeFlow Core | CWE-306 | 8.3 | High | 2024-10-07 |
| CVE-2019-10881 | Default hidden Privileged Account Vulnerability in multiple XEROX devices — AltaLink B8045/B8055/B8065/B8075/B8090 | CWE-259 | 9.8 | - | 2021-04-13 |
| CVE-2019-10880 | OS command injection vulnerability in multiple Xerox products — AltaLink B8045/B8055/B8065/B8075/B8090 | CWE-78 | 9.8 | - | 2019-04-12 |

This page lists every published CVE security advisory associated with XEROX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.