Cross-Site Scripting Vulnerability in SAMSUNG Print Management Service
CVE-2019-7420

6.1MEDIUM

Key Information:

Vendor
Samsung
Status
Syncthru Web Service
Vendor
CVE Published:
17 March 2019

Summary

A Cross-Site Scripting vulnerability exists in the SAMSUNG X7400GX SyncThru Web Service, most notably in the tabName parameter of the network information view. This flaw can potentially allow attackers to inject malicious scripts into web pages viewed by users of the affected services, leading to unauthorized access and data compromise.

References

http://packetstormsecurity.com/files/151584/SAMSUNG-X7400...
x_refsource_MISC
http://www.samsungprinter.com/
x_refsource_MISC
http://www.samsung.com/Support/ProductSupport/download/in...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.