Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

CVE-2020-10094

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
28/04/2020
Last modified:
04/05/2020

Description

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.

Impact

Vector 3.x
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS v3.1 Severity and Metrics:

Base Score: 5.40 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vector 2.0
AV:N/AC:M/Au:S/C:N/I:P/A:N CVSS v2.0 Severity and Metrics:

Base Score: 3.50 LOW
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): Single
Confidentiality (C): None
Integrity (I): Physical
Availability (A): None

Base Score 2.0
3.50
Severity 2.0
LOW

Vulnerable products and versions

CPE From Up to
cpe:2.3:o:lexmark:cs31x_firmware:*:*:*:*:*:*:*:* lw74.vyl.p272 (including)
cpe:2.3:h:lexmark:cs31x:-:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cs41x_firmware:*:*:*:*:*:*:*:* lw74.vy2.p272 (including)
cpe:2.3:h:lexmark:cs41x:-:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cs51x_firmware:*:*:*:*:*:*:*:* lw74.vy4.p272 (including)
cpe:2.3:h:lexmark:cs51x:-:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx310_firmware:*:*:*:*:*:*:*:* lw74.gm2.p272 (including)
cpe:2.3:h:lexmark:cx310:-:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:* lw74.gm4.p272 (including)
cpe:2.3:h:lexmark:cx410:-:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc2130_firmware:*:*:*:*:*:*:*:* lw74.gm4.p272 (including)
cpe:2.3:h:lexmark:xc2130:-:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:* lw74.gm7.p272 (including)
cpe:2.3:h:lexmark:cx510:-:*:*:*:*:*:*:*
cpe:2.3:o:lexmark:xc2132_firmware:*:*:*:*:*:*:*:* lw74.gm7.p272 (including)

To consult the complete list of CPE names with products and versions, see this page


References to Advisories, Solutions, and Tools