Cross-Site Scripting Vulnerability in SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7419

6.1MEDIUM

Key Information:

Vendor
Samsung
Status
Syncthru Web Service
Vendor
CVE Published:
21 March 2019

Summary

A cross-site scripting vulnerability has been identified in SAMSUNG X7400GX SyncThru Web Service. The issue arises in the '/sws/leftmenu.sws' endpoint, specifically within multiple parameters, including ruiFw_id, ruiFw_pid, and ruiFw_title. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions and data theft. It is critical for users to be aware of this vulnerability and apply the necessary security measures to protect their web service.

References

http://packetstormsecurity.com/files/151584/SAMSUNG-X7400...
x_refsource_MISC
http://www.samsungprinter.com/
x_refsource_MISC
http://www.samsung.com/Support/ProductSupport/download/in...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.