Cross-Site Scripting in SAMSUNG X7400GX SyncThru Web Service
CVE-2019-7421

6.1MEDIUM

Key Information:

Vendor
Samsung
Status
Syncthru Web Service
Vendor
CVE Published:
17 March 2019

Summary

The SAMSUNG X7400GX SyncThru Web Service is affected by a Cross-Site Scripting vulnerability found in the '/sws.login/gnb/loginView.sws' endpoint. This vulnerability manipulates multiple parameters, including 'contextpath' and 'basedURL', enabling attackers to execute malicious scripts in the context of a user's session, potentially compromising sensitive data and user security.

References

http://packetstormsecurity.com/files/151584/SAMSUNG-X7400...
x_refsource_MISC
http://www.samsungprinter.com/
x_refsource_MISC
http://www.samsung.com/Support/ProductSupport/download/in...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.