CVE-2019-19772

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.4%

top 42.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lexmark 6500e Firmware Lexmark C734 Firmware Lexmark C736 Firmware +77 more

Timeline

PublishedMar 6

Latest updateMay 24

Description

Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages80 packages

▶NVDlexmark/c734_firmwarelr.sk.p822

▶NVDlexmark/c736_firmwarelr.ske.p822

▶NVDlexmark/c746_firmwarelhs60.cm2.p731

▶NVDlexmark/c748_firmwarelhs60.cm4.p735

▶NVDlexmark/c792_firmwarelhs60.hc.p735

🔴Vulnerability Details

GHSA

GHSA-pfrp-2qvp-2xjj: Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices↗2022-05-24

▶

CVEList

CVE-2019-19772: Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices↗2020-03-06

▶