CVE-2026-1769 identifies a Stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 in Xerox CentreWare Web running on Windows platforms, affecting versions through 7.0.6. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages, which allows malicious scripts to be stored and later executed in the browsers of authenticated users accessing the CentreWare interface. This type of XSS can enable attackers to steal session cookies, perform actions on behalf of users, or exfiltrate sensitive information, thereby compromising confidentiality. The CVSS v3.1 score is 5.3 (medium), reflecting that exploitation requires local access (AV:L), high attack complexity (AC:H), no privileges (PR:N), and user interaction (UI:R). The scope remains unchanged (S:U), with high confidentiality impact (C:H), low integrity impact (I:L), and no availability impact (A:N). Xerox recommends upgrading to version 7.2.2.25 to remediate the issue. No public exploits are known, but the vulnerability poses a risk in environments where CentreWare is used for document management and printer fleet administration, especially in enterprise settings where sensitive documents are handled. The vulnerability highlights the importance of input validation and output encoding in web application security to prevent script injection attacks.

For European organizations, this vulnerability could lead to unauthorized disclosure of sensitive information managed through Xerox CentreWare, including document metadata and user credentials. Attackers exploiting this flaw could hijack user sessions or manipulate the CentreWare interface, potentially disrupting document workflows or gaining footholds for further network intrusion. The confidentiality impact is significant due to the potential exposure of sensitive corporate data. Organizations in sectors such as government, finance, healthcare, and legal services, which rely heavily on secure document management, face elevated risks. Additionally, the requirement for local access and user interaction somewhat limits remote exploitation but does not eliminate insider threat risks or attacks via social engineering. The absence of known exploits reduces immediate risk but does not preclude targeted attacks, especially in high-value environments. Failure to patch could result in compliance issues with European data protection regulations such as GDPR if data breaches occur.

European organizations should immediately inventory their Xerox CentreWare deployments to identify affected versions up to 7.0.6. The primary mitigation is to upgrade CentreWare Web to version 7.2.2.25 or later, as provided by Xerox. Until upgrades are applied, organizations should restrict access to the CentreWare web interface to trusted users and networks, employing network segmentation and strict access controls. Implement web application firewalls (WAFs) with custom rules to detect and block XSS payloads targeting CentreWare. Conduct user awareness training to reduce the risk of social engineering attacks that could facilitate exploitation. Regularly monitor CentreWare logs for suspicious activity indicative of attempted XSS exploitation. Additionally, apply Content Security Policy (CSP) headers where possible to limit script execution contexts. Finally, integrate CentreWare vulnerability status into the organization's patch management and vulnerability assessment programs to ensure timely remediation.