CVE-2019-18791

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the users web browser.

Published: Feb 13, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-18791
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
lexmark / cx31x_firmware	-	lw73.vyl.p263.x
lexmark / cx41x_firmware	-	lw73.vy2.p263.x
lexmark / cx310_firmware	-	lw73.gm2.p263.x
lexmark / ms310_firmware	-	lw73.prl.p263.x
lexmark / ms312_firmware	-	lw73.prl.p263.x
lexmark / ms317_firmware	-	lw73.prl.p263.x
lexmark / ms410_firmware	-	lw73.prl.p263.x
lexmark / m1140_firmware	-	lw73.prl.p263.x
lexmark / ms315_firmware	-	lw73.tl2.p263.x
lexmark / ms415_firmware	-	lw73.tl2.p263.x
lexmark / ms417_firmware	-	lw73.tl2.p263.x
lexmark / ms51x_firmware	-	lw73.pr2.p263.x
lexmark / ms610dn_firmware	-	lw73.pr2.p263.x
lexmark / ms617_firmware	-	lw73.pr2.p263.x
lexmark / m1145_firmware	-	lw73.pr2.p263.x
lexmark / m3150dn_firmware	-	lw73.pr2.p263.x
lexmark / ms71x_firmware	-	lw73.dn2.p263.x
lexmark / m5163dn_firmware	-	lw73.dn2.p263.x
lexmark / ms810_firmware	-	lw73.dn2.p263.x
lexmark / ms811_firmware	-	lw73.dn2.p263.x
lexmark / ms812_firmware	-	lw73.dn2.p263.x
lexmark / ms817_firmware	-	lw73.dn2.p263.x
lexmark / ms818_firmware	-	lw73.dn2.p263.x
lexmark / ms810de_firmware	-	lw73.dn4.p263.x
lexmark / m5155_firmware	-	lw73.dn4.p263.x
lexmark / m5163_firmware	-	lw73.dn4.p263.x
lexmark / ms812de_firmware	-	lw73.dn7.p263.x
lexmark / m5170_firmware	-	lw73.dn7.p263.x
lexmark / ms91x_firmware	-	lw73.sa.p263.x
lexmark / mx31x_firmware	-	lw73.sb2.p263.x
lexmark / xm1135_firmware	-	lw73.sb2.p263.x
lexmark / mx410_firmware	-	lw73.sb4.p263.x
lexmark / mx510_firmware	-	lw73.sb4.p263.x
lexmark / mx511_firmware	-	lw73.sb4.p263.x
lexmark / mx610_firmware	-	lw73.sb7.p263.x
lexmark / mx611_firmware	-	lw73.sb7.p263.x
lexmark / xm3150_firmware	-	lw73.sb7.p263.x
lexmark / mx71x_firmware	-	lw73.tu.p263.x
lexmark / mx81x_firmware	-	lw73.tu.p263.x
lexmark / xm51xx_firmware	-	lw73.tu.p263.x
lexmark / xm71xx_firmware	-	lw73.tu.p263.x
lexmark / mx91x_firmware	-	lw73.mg.p263.x
lexmark / xm91x_firmware	-	lw73.mg.p263.x
lexmark / mx6500e_firmware	-	lw73.jd.p263.x
lexmark / c746_firmware	-	lhs60.cm2.p731.x
lexmark / c748_firmware	-	lhs60.cm4.p731.x
lexmark / cs748_firmware	-	lhs60.cm4.p731.x
lexmark / c792_firmware	-	lhs60.hc.p731.x
lexmark / cs796_firmware	-	lhs60.hc.p731.x
lexmark / c925_firmware	-	lhs60.hv.p731.x
lexmark / c950_firmware	-	lhs60.tp.p731.x
lexmark / x548_firmware	-	lhs60.vk.p731.x
lexmark / xs548_firmware	-	lhs60.vk.p731.x
lexmark / x74x_firmware	-	lhs60.ny.p731.x
lexmark / xs748_firmware	-	lhs60.ny.p731.x
lexmark / x792_firmware	-	lhs60.mr.p731.x
lexmark / xs79x_firmware	-	lhs60.mr.p731.x
lexmark / x925_firmware	-	lhs60.hk.p731.x
lexmark / xs925_firmware	-	lhs60.hk.p731.x
lexmark / x95x_firmware	-	lhs60.tq.p731.x
lexmark / xs95x_firmware	-	lhs60.tq.p731.x
lexmark / 6500e_firmware	-	lhs60.jr.p731.x
lexmark / c734_firmware	-	lr.sk.p822.x
lexmark / c736_firmware	-	lr.ske.p822.x
lexmark / e46x_firmware	-	lr.lbh.p822.x
lexmark / t65x_firmware	-	lr.jp.p822.x
lexmark / x46x_firmware	-	lr.bs.p822.x
lexmark / x65x_firmware	-	lr.mn.p822.x
lexmark / x73x_firmware	-	lr.fl.p822.x
lexmark / w850_firmware	-	lp.jb.p821.x
lexmark / x86x_firmware	-	lp.sp.p821.x
lexmark / cx410_firmware	-	lw73.gm4.p263.x
lexmark / xc2130_firmware	-	lw73.gm4.p263.x
lexmark / cx510_firmware	-	lw73.gm7.p263.x
lexmark / xc2132_firmware	-	lw73.gm7.p263.x
lexmark / cx51x_firmware	-	lw73.vy4.p263.x
lexmark / ms610de_firmware	-	lw73.pr4.p263.x
lexmark / m3150_firmware	-	lw73.pr4.p263.x
lexmark / xm1140_firmware	-	lw73.sb4.p263.x
lexmark / xm1145_firmware	-	lw73.sb4.p263.x

Vulnerability Database

290,206

CVE-2019-18791