Cross-Site Scripting Vulnerabilities in Lexmark Printers
CVE-2013-6033

Currently unrated

Key Information:

Vendor: Lexmark
Status: E450; C935dn; W840; E250
Vendor: CVE Published:; 4 February 2014

Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in various Lexmark printer models. These vulnerabilities allow remote authenticated users to inject arbitrary web scripts or HTML into the printer's web interface through SNMP or the Embedded Web Server (EWS). This can be accomplished by modifying the Contact or Location fields, potentially leading to unauthorized actions and data exposure.

References

http://www.kb.cert.org/vuls/id/108062

third-party-advisoryx_refsource_CERT-VN

http://www.securityfocus.com/bid/65277

vdb-entryx_refsource_BID

http://www.osvdb.org/102752

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Feb 4, 2014
Vulnerability Reserved
Oct 4, 2013