Cross-Site Scripting in SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7418

6.1MEDIUM

Key Information:

Vendor
Samsung
Status
Syncthru Web Service
Vendor
CVE Published:
21 March 2019

Summary

A cross-site scripting (XSS) vulnerability has been identified in the SAMSUNG X7400GX SyncThru Web Service. This flaw exists in the '/sws/swsAlert.sws' endpoint, where multiple parameters including flag, frame, func, and Nfunc are susceptible to exploitation. Attackers can inject malicious scripts, potentially leading to unauthorized actions or data theft when the affected web service processes these parameters.

References

http://packetstormsecurity.com/files/151584/SAMSUNG-X7400...
x_refsource_MISC
http://www.samsungprinter.com/
x_refsource_MISC
http://www.samsung.com/Support/ProductSupport/download/in...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.