← Back

CVE-2013-6033

nvd nist
Published: Feb 4, 2014Modified: Apr 29, 2026

JSON object

Loading...
3.5
Vector
AV:N/AC:M/Au:S/C:N/I:P/A:N
Exploitability: 6.8 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.

Affected (9)

Lexmark
9 products
C52x
C53x
C920
C935dn
E250
E350
E450
T64x
W840
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
C52x
Up to ls.fa.p150
C53x
Up to ls.sw.p069
C920
Up to ls.ta.p152
C935dn
Up to lc.jo.p091
E250
Up to le.pm.p126
E350
Up to le.ph.p129
E450
Up to lm.sz.p124
T64x
Up to ls.st.p343
W840
Up to ls.ha.p252

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

Source: cret@cert.org
Vendor Advisory
Source: cret@cert.org
US Government Resource
Source: cret@cert.org
Source: cret@cert.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.