CVE-2020-10094

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.

Published: Apr 28, 2020
Updated: Apr 13, 2023
CVE: CVE-2020-10094
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
lexmark / cs31x_firmware	-	lw74.vyl.p272.x
lexmark / cs41x_firmware	-	lw74.vy2.p272.x
lexmark / cs51x_firmware	-	lw74.vy4.p272.x
lexmark / cx310_firmware	-	lw74.gm2.p272.x
lexmark / cx410_firmware	-	lw74.gm4.p272.x
lexmark / xc2130_firmware	-	lw74.gm4.p272.x
lexmark / cx510_firmware	-	lw74.gm7.p272.x
lexmark / xc2132_firmware	-	lw74.gm7.p272.x
lexmark / ms310_firmware	-	lw74.prl.p272.x
lexmark / ms312_firmware	-	lw74.prl.p272.x
lexmark / ms317_firmware	-	lw74.prl.p272.x
lexmark / ms410_firmware	-	lw74.prl.p272.x
lexmark / m1140_firmware	-	lw74.prl.p272.x
lexmark / ms315_firmware	-	lw74.tl2.p272.x
lexmark / ms415_firmware	-	lw74.tl2.p272.x
lexmark / ms417_firmware	-	lw74.tl2.p272.x
lexmark / ms51x_firmware	-	lw74.pr2.p272.x
lexmark / ms610dn_firmware	-	lw74.pr2.p272.x
lexmark / ms617_firmware	-	lw74.pr2.p272.x
lexmark / m1145_firmware	-	lw74.pr2.p272.x
lexmark / m3150dn_firmware	-	lw74.pr2.p272.x
lexmark / ms610de_firmware	-	lw74.pr4.p272.x
lexmark / m3150_firmware	-	lw74.pr4.p272.x
lexmark / ms71x_firmware	-	lw74.dn2.p272.x
lexmark / m5163dn_firmware	-	lw74.dn2.p272.x
lexmark / ms810_firmware	-	lw74.dn2.p272.x
lexmark / ms811_firmware	-	lw74.dn2.p272.x
lexmark / ms812_firmware	-	lw74.dn2.p272.x
lexmark / ms817_firmware	-	lw74.dn2.p272.x
lexmark / ms818_firmware	-	lw74.dn2.p272.x
lexmark / ms810de_firmware	-	lw74.dn4.p272.x
lexmark / m5155_firmware	-	lw74.dn4.p272.x
lexmark / m5163_firmware	-	lw74.dn4.p272.x
lexmark / ms812de_firmware	-	lw74.dn7.p272.x
lexmark / m5170_firmware	-	lw74.dn7.p272.x
lexmark / ms91x_firmware	-	lw74.sa.p272.x
lexmark / mx31x_firmware	-	lw74.sb2.p272.x
lexmark / xm1135_firmware	-	lw74.sb2.p272.x
lexmark / mx410_firmware	-	lw74.sb4.p272.x
lexmark / mx510_firmware	-	lw74.sb4.p272.x
lexmark / mx511_firmware	-	lw74.sb4.p272.x
lexmark / xm1140_firmware	-	lw74.sb4.p272.x
lexmark / xm1145_firmware	-	lw74.sb4.p272.x
lexmark / mx610_firmware	-	lw74.sb7.p272.x
lexmark / mx611_firmware	-	lw74.sb7.p272.x
lexmark / xm3150_firmware	-	lw74.sb7.p272.x
lexmark / mx71x_firmware	-	lw74.tu.p272.x
lexmark / mx81x_firmware	-	lw74.tu.p272.x
lexmark / xm51xx_firmware	-	lw74.tu.p272.x
lexmark / xm71xx_firmware	-	lw74.tu.p272.x
lexmark / mx91x_firmware	-	lw74.mg.p272.x
lexmark / xm91x_firmware	-	lw74.mg.p272.x
lexmark / mx6500e_firmware	-	lw74.jd.p272.x
lexmark / c746_firmware	-	lhs60.cm2.p737.x
lexmark / c748_firmware	-	lhs60.cm4.p737.x
lexmark / cs748_firmware	-	lhs60.cm4.p737.x
lexmark / c792_firmware	-	lhs60.hc.p737.x
lexmark / cs796_firmware	-	lhs60.hc.p737.x
lexmark / c925_firmware	-	lhs60.hv.p737.x
lexmark / c950_firmware	-	lhs60.tp.p737.x
lexmark / x548_firmware	-	lhs60.vk.p737.x
lexmark / xs548_firmware	-	lhs60.vk.p737.x
lexmark / x74x_firmware	-	lhs60.ny.p737.x
lexmark / xs748_firmware	-	lhs60.ny.p737.x
lexmark / x792_firmware	-	lhs60.mr.p737.x
lexmark / xs79x_firmware	-	lhs60.mr.p737.x
lexmark / x925_firmware	-	lhs60.hk.p737.x
lexmark / xs925_firmware	-	lhs60.hk.p737.x
lexmark / x95x_firmware	-	lhs60.tq.p737.x
lexmark / xs95x_firmware	-	lhs60.tq.p737.x
lexmark / 6500e_firmware	-	lhs60.jr.p737.x
lexmark / c734_firmware	-	lr.sk.p824.x
lexmark / c736_firmware	-	lr.ske.p824.x
lexmark / e46x_firmware	-	lr.lbh.p824.x
lexmark / t65x_firmware	-	lr.jp.p824.x
lexmark / x46x_firmware	-	lr.bs.p824.x
lexmark / x65x_firmware	-	lr.mn.p824.x
lexmark / x73x_firmware	-	lr.fl.p824.x
lexmark / w850_firmware	-	lp.jb.p823.x
lexmark / x86x_firmware	-	lp.sp.p823.x

http://support.lexmark.com/index?page=content&id=TE936

Vulnerability Database

290,206

CVE-2020-10094