Multiple Stored XSS Vulnerabilities in Xerox Web Application for Phaser Printers
CVE-2019-13167

6.1MEDIUM

Key Information:

Vendor: Xerox
Status: Phaser 3320 Firmware
Vendor: CVE Published:; 13 March 2020

Summary

Multiple Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in the Xerox Web Application, particularly affecting the Phaser 3320 series. These vulnerabilities can allow attackers to inject malicious scripts into the web application, potentially leading to session hijacking of administrative accounts or execution of unauthorized actions. Attackers leveraging these vulnerabilities may exploit user interactions with the web interface, emphasizing the necessity for immediate security measures.

References

https://security.business.xerox.com/

x_refsource_MISC

https://www.nccgroup.trust/us/our-research/technical-advi...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 13, 2020
Vulnerability Reserved
Jul 2, 2019