CVE-2013-6033

EPSS 0.32%
Veröffentlicht 04.02.2014 05:39:08
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cret@cert.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Lexmark ≫ C52x Version <= ls.fa.p150

Lexmark ≫ C53x Version <= ls.sw.p069

Lexmark ≫ C920 Version <= ls.ta.p152

Lexmark ≫ C935dn Version <= lc.jo.p091

Lexmark ≫ E250 Version <= le.pm.p126

Lexmark ≫ E350 Version <= le.ph.p129

Lexmark ≫ E450 Version <= lm.sz.p124

Lexmark ≫ T64x Version <= ls.st.p343

Lexmark ≫ W840 Version <= ls.ha.p252

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.518

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.5	6.8	2.9	AV:N/AC:M/Au:S/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.kb.cert.org/vuls/id/108062

US Government Resource

http://support.lexmark.com/index?page=content&id=TE585

Vendor Advisory

http://www.osvdb.org/102752

http://www.securityfocus.com/bid/65277

https://nvd.nist.gov/vuln/detail/CVE-2013-6033

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-6033

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-6033

EUVD