Vulnerability Details : CVE-2019-19772
Various Lexmark products have reflected XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2019-19772
- cpe:2.3:o:lexmark:cx310_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx410_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cx510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc2132_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx31x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm1145_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm3150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx71x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx81x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm51xx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm71xx_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx91x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm91x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x74x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xs79x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x95x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xs95x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x46x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x65x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x73x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x86x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs31x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs41x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms310_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms312_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms317_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms410_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m1140_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms315_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms415_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms417_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm1135_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms51x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms610dn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms617_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m1145_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m3150dn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms71x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m5163dn_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms810_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms811_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms812_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms817_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms818_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms810de_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m5155_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m5163_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms812de_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m5170_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms91x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx410_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx510_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx511_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx610_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx611_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:mx6500e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c746_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c748_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs748_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c792_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs796_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c925_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c950_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x548_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xs548_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xs748_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x792_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:x925_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xs925_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:6500e_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c734_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:c736_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:e46x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:t65x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:w850_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:cs51x_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:ms610de_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:m3150_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xc2130_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:lexmark:xm1140_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-19772
0.05%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 21 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-19772
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST | |
5.4
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
2.3
|
2.7
|
NIST |
CWE ids for CVE-2019-19772
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-19772
-
http://support.lexmark.com/index?page=content&id=TE935&locale=en&userlocale=EN_US
Lexmark United States Lexmark Security Advisory: Cross Site Scripting vulnerabilities (CVE-2019-19772, CVE-2019-19773)Vendor Advisory
Jump to