Stored XSS Vulnerability in Lexmark's Embedded Web Server
CVE-2019-19773

5.4MEDIUM

Key Information:

Vendor: Lexmark
Status: Cs31x Firmware
Vendor: CVE Published:; 6 March 2020

Summary

Various Lexmark products exhibit a stored Cross-Site Scripting (XSS) vulnerability within their embedded web server used in older device models. This allows attackers to inject malicious scripts that can be executed in users' browsers, potentially compromising user data and security. For further details and a list of affected products, visit Lexmark's support page.

References

http://support.lexmark.com/index?page=content&id=TE935&lo...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 6, 2020
Vulnerability Reserved
Dec 12, 2019