CVE-2019-7421 — Cross-site Scripting in Samsung X7400gx Firmware

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.5%

top 35.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samsung X7400gx Firmware

Timeline

PublishedMar 21

Latest updateMay 14

Description

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDsamsung/x7400gx_firmware6.a6.25

🔴Vulnerability Details

GHSA

GHSA-r3wq-v7xc-m5hr: XSS exists in SAMSUNG X7400GX SyncThru Web Service V6↗2022-05-14

▶

CVEList

CVE-2019-7421: XSS exists in SAMSUNG X7400GX SyncThru Web Service V6↗2019-03-17

▶