4.8
CVE-2023-23572
- EPSS 0.28%
- Published 11.04.2023 09:15:07
- Last modified 11.02.2025 16:15:31
- Source vultures@jpcert.or.jp
- Teams watchlist Login
- Open Login
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
Data is provided by the National Vulnerability Database (NVD)
Epson ≫ Lp-9200ps2 Firmware Version-
Epson ≫ Lp-9200ps3 Firmware Version-
Epson ≫ Lp-8200c Firmware Version-
Epson ≫ Lp-9600 Firmware Version-
Epson ≫ Lp-9600s Firmware Version-
Epson ≫ Lp-9300 Firmware Version-
Epson ≫ Lp-8500c Firmware Version-
Epson ≫ Lp-8700ps3 Firmware Version-
Epson ≫ Lp-9800c Firmware Version-
Epson ≫ Lp-s5500 Firmware Version-
Epson ≫ Lp-9200b Firmware Version-
Epson ≫ Lp-9200c Firmware Version-
Epson ≫ Lp-s4500 Firmware Version-
Epson ≫ Lp-s6500 Firmware Version-
Epson ≫ Lp-s7000 Firmware Version-
Epson ≫ Lp-s5000 Firmware Version-
Epson ≫ Lp-s4000 Firmware Version-
Epson ≫ Lp-s6000 Firmware Version-
Epson ≫ Lp-s5300 Firmware Version-
Epson ≫ Lp-s5300r Firmware Version-
Epson ≫ Lp-s300n Firmware Version-
Epson ≫ Lp-s310n Firmware Version-
Epson ≫ Lp-s3000 Firmware Version-
Epson ≫ Lp-s3000r Firmware Version-
Epson ≫ Lp-s3000z Firmware Version-
Epson ≫ Lp-s3000ps Firmware Version-
Epson ≫ Lp-s7500 Firmware Version-
Epson ≫ Lp-s7500ps Firmware Version-
Epson ≫ Lp-s3500 Firmware Version-
Epson ≫ Lp-s4200 Firmware Version-
Epson ≫ Lp-s9000 Firmware Version-
Epson ≫ Lp-s7100 Firmware Version-
Epson ≫ Lp-s8100 Firmware Version-
Epson ≫ Prifnw1 Firmware Version-
Epson ≫ Prifnw1s Firmware Version-
Epson ≫ Prifnw2 Firmware Version-
Epson ≫ Prifnw2ac Firmware Version-
Epson ≫ Prifnw2s Firmware Version-
Epson ≫ Prifnw2sac Firmware Version-
Epson ≫ Prifnw3 Firmware Version-
Epson ≫ Prifnw3s Firmware Version-
Epson ≫ Prifnw6 Firmware Version-
Epson ≫ Prifnw7 Firmware Version-
Epson ≫ Prifnw7u Firmware Version-
Epson ≫ Prifnw7s Firmware Version-
Epson ≫ Pa-w11g Firmware Version-
Epson ≫ Pa-w11g2 Firmware Version-
Epson ≫ Esnsb1 Firmware Version-
Epson ≫ Esnsb2 Firmware Version-
Epson ≫ Esifnw1 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.485 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.