CVE-2019-18791

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.3%

top 46.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lexmark 6500e Firmware Lexmark C734 Firmware Lexmark C736 Firmware +77 more

Timeline

PublishedFeb 13

Latest updateMay 24

Description

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages80 packages

▶NVDlexmark/ms812_firmwarelw73.dn2.p263

▶NVDlexmark/ms812de_firmwarelw73.dn7.p263

▶NVDlexmark/c734_firmwarelr.sk.p822

▶NVDlexmark/c736_firmwarelr.ske.p822

▶NVDlexmark/c746_firmwarelhs60.cm2.p731

🔴Vulnerability Details

GHSA

GHSA-4v8q-wq3r-x874: Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server↗2022-05-24

▶

CVEList

CVE-2019-18791: Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server↗2020-02-13

▶