CVE-2023-23572
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
11/04/2023
Last modified:
11/02/2025
Description
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Impact
Base Score 3.x
4.80
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:epson:lp-9200ps2_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9200ps2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9200ps3_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9200ps3:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-8200c_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-8200c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9600_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9600:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9600s_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9600s:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-9300_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-9300:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-8500c_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:epson:lp-8500c:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:epson:lp-8700ps3_firmware:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page