CVE-2020-10094

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.4%

top 42.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Lexmark 6500e Firmware Lexmark C734 Firmware Lexmark C736 Firmware +77 more

Timeline

PublishedApr 28

Latest updateMay 24

Description

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages80 packages

▶NVDlexmark/xm1140_firmwarelw74.sb4.p272

▶NVDlexmark/xm1145_firmwarelw74.sb4.p272

▶NVDlexmark/xm3150_firmwarelw74.sb7.p272

▶NVDlexmark/m3150dn_firmwarelw74.pr2.p272

▶NVDlexmark/m5163dn_firmwarelw74.dn2.p272

🔴Vulnerability Details

GHSA

GHSA-wr43-jjw8-6v2v: A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74↗2022-05-24

▶

CVEList

CVE-2020-10094: A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74↗2020-04-28

▶